Audit & Attestation

About this Publication

This publication is intended for the study and preparation of the CPA Exam, and is not intended to offer any legal, accounting, or professional advice. The guidance, opinions, and strategies contained herein make no representations or warranties with respect the accuracy or completeness of the content. The publisher specifically disclaims any express or implied warranties for a particular business, legal, or accounting purpose.
Although every effort is made for accuracy and quality review, the intended purpose of the publication is for knowledge of the CPA exam, and should only be used as such. Neither publisher nor author shall be liable directly or indirectly for any damages. Some of this content is copyrighted by AICPA, and other parties. Redistribution of the content is not allowed without prior written consent from the originator. No part of this publication may be reproduced or electronically transmitted through an unauthorized method. Published by eM Media & Publications, LLC Audit & Attestation Version 1.2013 | Compiled 4-14-2013

About Our Cause

Our website is an open collaborative CPA review website for the public. This website is created with the intent to help candidates pass the CPA exam. The user generated content is provided by contributors and other users of this website, creating a powerful organization of moderated CPA Exam material. WikiCPA Review invites you to submit content, and join a network of candidates and professionals for the purpose of an enhanced review course for all to use.

How you can help

WikiCPA Review invites you to volunteer, and join a network of candidates and professional for the purpose of an enhanced review courses for all to use. Contact us today to learn the steps to how you can become an actively involved at www.wikicpareview.com/volunteer .

About the Exam

The Uniform Certified Public Accountant Examination is the examination administered to people who wish to become U.S. Certified Public Accountants. The CPA Exam is used by the regulatory bodies of all fifty states plus the District of Columbia. The CPA Exam is developed, maintained and scored by the American Institute of Certified Public Accountants (AICPA) and administered at Prometric test centers in partnership with the National Association of State Boards of Accountancy (NASBA).

About Audit & Attestation

The Auditing and Attestation section tests knowledge and understanding of the following professional standards: Auditing standards promulgated in the United States of America (related to audits of an Issuer (a public company), a Nonissuer (an entity that is not a public company), governmental entities, not-for-profit entities, and employee benefit plans, standards related to attestation and assurance engagements, and standards for performing accounting and review services. Candidates are expected to demonstrate an awareness of: (1) the International Auditing and Assurance Standards Board (IAASB) and its role in establishing International Standards on Auditing (ISAs), (2) the differences between ISAs and U.S. auditing standards, and (3) the audit requirements under U.S. auditing standards that apply when they perform audit procedures on a U.S. company that supports an audit report based upon the auditing standards of another country, or the ISAs. This section also tests knowledge of professional responsibilities of certified public accountants, including ethics and independence. Candidates are also expected to demonstrate an awareness of: (1) the International Ethics Standards Board for Accountants (IESBA) and its role in establishing requirements of the International Federation of Accountants (IFAC) Code of Ethics for Professional Accountants, and (2) the independence requirements that apply when they perform audit procedures on a U.S. company that supports an audit report based upon the auditing standards of another country, or the ISAs.

In addition to demonstrating knowledge and understanding of the professional standards, candidates are required to demonstrate the skills required to apply that knowledge in performing auditing and attestation tasks as certified public accountants. The outline below specifies the tasks and related knowledge in which

candidates are required to demonstrate proficiency: Candidates are also expected to perform the following tasks: Demonstrate an awareness and understanding of the process by which standards and professional requirements are established for audit, attestation, and other services performed by CPAs, including the role of standard-setting bodies within the U.S. and those bodies with the authority to promulgate international standards. Differentiate between audits, attestation and assurance services, compilations, and reviews. Differentiate between the professional standards for issuers and nonissuers. Identify situations that might be unethical or a violation of professional standards, perform research and consultations as appropriate, and determine the appropriate action. Recognize potentially unethical behavior of clients and determine the impact on the services being performed. Demonstrate the importance of identifying and adhering to requirements, rules, and standards that are established by licensing boards within their states, and which may place additional professional requirements specific to their state of practice. Appropriately apply professional requirements in practice, and differentiate between unconditional requirements and presumptively mandatory requirements. Exercise due care in the performance of work. Demonstrate an appropriate level of professional skepticism in the performance of work. Maintain independence in mental attitude in all matters relating to the audit. Research relevant professional literature. AICPA, American Institute of Certified Public Accountants, Inc.

Content Specification Outline

This book is organized in conjunction with the AICPAs Content Specification Outline of the CPA Examination. The outline below specifies the knowledge in which candidates are required to demonstrate proficiency:
I. Auditing and Attestation: Engagement Acceptance and Understanding the Assignment (12% - 16%) A. Determine Nature and Scope of Engagement B. Consider the Firms System of Quality Control for Policies and Procedures Pertaining to Client Acceptance and Continuance, including 1. The CPA firms ability to perform the engagement within reporting deadlines 2. Experience and availability of firm personnel to meet staffing and supervision requirements 3. Whether independence can be maintained 4. Integrity of client management 5. Appropriateness of the engagements scope to meet the clients needs C. Communicate with the Predecessor Auditor D. Establish an Understanding with the Client and Document the Understanding Through an Engagement Letter or Other Written Communication with the Client E. Consider Other Planning Matters 1. Consider using the work of other independent auditors 2. Determine the extent of the involvement of professionals possessing specialized skills 3. Consider the independence, objectivity, and competency of the internal audit function F. Identify Matters and Prepare Documentation for Communications with Those Charged with Governance II. Auditing and Attestation: Understanding the Entity and Its Environment (including Internal Control) (16% - 20%) A. Determine and Document Materiality Levels for Financial Statements Taken as a Whole B. Conduct and Document Risk Assessment Discussions Among Audit Team, Concurrently with Discussion on Susceptibility of the Entitys Financial Statement to Material Misstatement Due to Fraud C. Consideration of Fraud 1. Identify characteristics of fraud 2. Document required discussions regarding risk of fraud 3. Document inquiries of management about fraud 4. Identify and assess risks that may result in material misstatements due to fraud D. Perform and Document Risk Assessment Procedures 1. Identify, conduct and document appropriate inquiries of management and others within the entity 2. Perform appropriate analytical procedures to understand the entity and identify areas of risk 3. Obtain information to support inquiries through observation and inspection (including reading corporate minutes, etc.) E. Consider Additional Aspects of the Entity and its Environment, including: Industry, Regulatory and Other External Factors; Strategies and Business Risks; Financial Performance F. Consider Internal Control 1. Perform procedures to assess the control environment, including consideration of the COSO framework and identifying entity-level controls

2. Obtain and document an understanding of business processes and information flows 3. Perform and document walkthroughs of transactions from inception through recording in the general ledger and presentation in financial statements 4. Determine the effect of information technology on the effectiveness of an entitys internal control 5. Perform risk assessment procedures to evaluate the design and implementation of internal controls relevant to an audit of financial statements 6. Identify key risks associated with general controls in a financial IT environment, including change management, backup/recovery, and network access (e.g. administrative rights) 7. Identify key risks associated with application functionality that supports financial transaction cycles, including: application access control (e.g. administrative access rights); controls over interfaces, integrations, and ecommerce; significant algorithms, reports, validation, edit checks, error handling, etc. 8. Assess whether the entity has designed controls to mitigate key risks associated with general controls or application functionality 9. Identify controls relevant to reliable financial reporting and the period-end financial reporting process 10. Consider limitations of internal control 11. Consider the effects of service organizations on internal control 12. Consider the risk of management override of internal controls G. Document an Understanding of the Entity and its Environment, including Each Component of the Entitys Internal Control, in Order to Assess Risks H. Assess and Document the Risk of Material Misstatements 1. Identify and document financial statement assertions and formulate audit objectives including significant financial statement balances, classes of transactions, disclosures, and accounting estimates 2. Relate the identified risks to relevant assertions and consider whether the risks could result in a material misstatement to the financial statements 3. Assess and document the risk of material misstatement that relates to both financial statement level and specific assertions 4. Identify and document conditions and events that may indicate risks of material misstatement I. Identify and Document Significant Risks that Require Special Audit Consideration 1. Risk of fraud 2. Significant recent economic, accounting, or other developments 3. Related parties and related party transactions 4. Improper revenue recognition 5. Nonroutine or complex transactions 6. Significant management estimates 7. Illegal acts III. Auditing and Attestation: Performing Audit Procedures and Evaluating Evidence (16% - 20%) A. Develop Overall Responses to Risk 1. Develop overall responses to risks identified and use the risks of material misstatement to drive the nature, timing, and extent of further audit procedures 2. Document significant risks identified, related controls evaluated, and overall responses to address assessed risks 3. Determine and document level(s) of tolerable misstatement B. Perform Audit Procedures Responsive to Risks of Material Misstatement; Obtain and Document Evidence to Form a Basis for Conclusions 1. Design and perform audit procedures whose nature, timing, and extent are responsive to the assessed risk of material misstatement

2. Integrating audits: in an integrated audit of internal control over financial reporting and the financial statements, design and perform testing of controls to accomplish the objectives of both audits simultaneously 3. Design, perform, and document tests of controls to evaluate design effectiveness 4. Design, perform, and document tests of controls to evaluate operating effectiveness 5. Perform substantive procedures 6. Perform audit sampling 7. Perform analytical procedures 8. Confirm balances and/or transactions with third parties 9. Examine inventories and other assets 10. Perform other tests of details, balances, and journal entries 11. Perform computer-assisted audit techniques (CAATs), including data query, extraction, and analysis 12. Perform audit procedures on significant management estimates 13. Auditing fair value measurements and disclosures, including the use of specialists in evaluating estimates 14. Perform tests on unusual year-end transactions 15. Audits performed in accordance with International Standards on Auditing (ISAs) or auditing standards of another country: determine if differences exist and whether additional audit procedures are required 16. Evaluate contingencies 17. Obtain and evaluate lawyers letters 18. Review subsequent events 19. Obtaining and placing reliance on representations from management 20. Identify material weaknesses, significant deficiencies, and other control deficiencies 21. Identify matters for communication with those charged with governance IV. Auditing and Attestation: Evaluating Audit Findings, Communications, and Reporting (16% 20%) A. Perform Analytical Procedures B. Evaluate the Sufficiency and Appropriateness of Audit Evidence and Document Engagement Conclusions C. Evaluate Whether Audit Documentation is in Accordance with Professional Standards D. Review the Work Performed by Others to Provide Reasonable Assurance that Objectives are Achieved E. Document the Summary of Uncorrected Misstatements and Related Conclusions F. Evaluate Whether Financial Statements are Free of Material Misstatements G. Consider the Entitys Ability to Continue as a Going Concern H. Consider Other Information in Documents Containing Audited Financial Statements (e.g. Supplemental Information and Managements Discussion and Analysis) I. Retain Audit Documentation as Required by Standards and Regulations J. Prepare Communications 1. Reports on audited financial statements 2. Reports required by government auditing standards 3. Reports on compliance with laws and regulations 4. Reports on internal control 5. Reports on the processing of transactions by service organizations 6. Reports on agreed-upon procedures 7. Reports on financial forecasts and projections 8. Reports on pro forma financial information 9. Special reports 10. Reissue reports 11. Communicate internal control related matters identified in the audit 12. Communications with those charged with governance

13. Subsequent discovery of facts existing at the date of the auditors report 14. Consideration after the report date of omitted procedures V. Accounting and Review Services Engagements (12% - 16%) A. Plan the Engagement 1. Determine nature and scope of engagement 2. Decide whether to accept or continue the client and engagement including determining the appropriateness of the engagement to meet the clients needs and consideration of independence standards 3. Establish an understanding with the client and document the understanding through an engagement letter or other written communication with the client 4. Consider change in engagement 5. Determine if reports are to be used by third parties B. Obtain and Document Evidence to Form a Basis for Conclusions 1. Obtain an understanding of the clients operations, business, and industry 2. Obtain knowledge of accounting principles and practices in the industry and the client 3. Obtain knowledge of stated qualifications of accounting personnel 4. Perform analytical procedures for review services 5. Obtain representations from management for review services 6. Perform other engagement procedures 7. Consider departures from generally accepted accounting principles (GAAP) or other comprehensive basis of accounting (OCBOA) 8. Prepare documentation from evidence gathered 9. Retain documentation as required by standards 10. Review the work performed to provide reasonable assurance that objectives are achieved C. Prepare Communications 1. Reports on compiled financial statements 2. Reports on reviewed financial statements 3. Restricted use of reports 4. Communicating to management and others 5. Subsequent discovery of facts existing at the date of the report 6. Consider degree of responsibility for supplementary information VI. Professional Responsibilities (16% - 20%) A. Ethics and Independence 1. Code of Professional Conduct (AICPA) 2. Public Company Accounting Oversight Board (PCAOB) 3. U. S. Securities and Exchange Commission (SEC) 4. Government Accountability Office (GAO) 5. Department of Labor (DOL) 6. Sarbanes-Oxley Act of 2002, Title I

7. Sarbanes-Oxley Act of 2002, Title III, Section 303 8. Code of Ethics for Professional Accountants (IFAC) B. Other Professional Responsibilities 1. Sarbanes-Oxley Act of 2002, Title IV 2. Sarbanes-Oxley Act of 2002, Title I

AICPA, American Institute of Certified Public Accountants, Inc.

Auditing and Attestation 1: Engagement Acceptance and Understanding the Assignment Generally Accepted Auditing Standards (GAAS) Introduction
Generally Accepted Auditing Standards (GAAS) - Defined Generally Accepted Auditing Standards are a set of systematic guidelines used by auditors when conducting audits on companies reported financial results, ensuring the accuracy, consistency and verifiability of auditors' actions and reports. GAAS are sets of standards against which the quality of audits are performed and may be judged. Several organizations have developed such sets of principles, which vary by territory. 1. The auditor must have adequate technical training & proficiency to perform the audit. 2. The auditor must maintain independence (in fact and appearance) in mental attitude in all matters related to the audit. 3. The auditor must exercise due professional care during the performance of the audit and the preparation of the report. The auditor must diligently perform the audit and report any misleading statements in the report. By relying on GAAS, auditors can minimize the potential or probability of missing material information as relates to companies reported financial results. Standards of Field Work 1. The auditor must adequately plan the work and must properly supervise any assistants. 2. The auditor must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures. 3. The auditor must obtain sufficient appropriate audit evidence by performing audit procedures to afford a reasonable basis for an opinion regarding the financial statements under audit. Each section includes requirements in which the auditor and subject company must meet. Accordingly, an auditor must adequately plan the audit in advance, be independent of the client at all times, and always obtain reliable evidence. Companies must present their financial statements in accordance with Generally Accepted Accounting Principles (GAAP), remain consistent in their reporting, and explicitly disclose all pertinent information.

Standards of Reporting 1. The auditor must state in the auditor's report whether the financial statements are presented in accordance with generally accepted accounting principles. 2. The auditor must identify in the auditor's report those circumstances in which such principles have not been consistently observed in the current period in relation to the preceding period. 3. When the auditor determines that informative disclosures are not reasonably adequate, the auditor must so state in the auditor's report. 4. The auditor must either express an opinion regarding the financial statements, taken as a whole, or state that an opinion cannot be expressed, in the auditor's report. When the auditor cannot express an overall opinion, the auditor should state the reasons therefore in the auditor's report. In all cases where an auditor's name is associated with financial statements, the auditor should clearly indicate the character of the auditor's work, if any, and the degree of responsibility the auditor is taking, in the auditor's report.

Determine Nature and Scope of Engagement

The auditor and the client will establish an understanding with entity regarding the nature of the services to be provided before the audit is to begin. This agreement should include the objectives of the engagement, managements responsibilities, the auditors responsibilities, and restrictions of the engagement. The auditor will then communicate to the client these objectives through an engagement letter.

Procedures of Accepting an Audit Engagement And Preparing the Engagement Letter

There are four phases of an audit: 1. 2. 3. 4. Accepting the audit engagement Planning the audit Performing audit tests Reporting the findings

The audit engagement decision, in todays business marketplace, has become increasingly more visible, reflecting the significant responsibility auditors take when accepting an Audit Engagement. The following 3 factors are the primary contributors to the increased responsibility as result of accepting the Audit Engagement.

1. Societys expectations about the independent auditors role in maintaining the integrity of the Investment Markets. 2. Expanding Legal Liability and Business Risk, underscoring the importance of Auditor assessment of the risk components of an audit. 3. Advances in information technology are changing the nature of the attestation process. ACCEPTING THE ENGAGEMENT The AICPA recommended the use of an engagement risk approach in client acceptance/retention decisions. Engagement risk consists of three components:

Client business risk. This is the risk associated with the clients survival and profitability. Audit Risk. The risk that the auditor may unknowingly fail to appropriately modify his opinion on financial statements that are materially misstated. Auditor Business Risk. The risk of potential litigation costs from an alleged audit failure and the risk of other costs such as fee realization and reputational effects. Much of the examination factors that affect audit risk occur in the pre-engagement process. Accepting the Engagement. There are six primary considerations in deciding whether to accept an engagement Evaluating the integrity of Management. Material errors and irregularities (and fraud) are more likely when management is dishonest. How does the auditor get data on managements honesty? Identifying special circumstances and unusual risks. Auditors must identify the intended users of financial statements. The auditors legal liability exposure may vary based on the intended statement users, especially under common law negligence. Those client firms which face potential significant legal claims and/or financial distress raise the probability of an auditor lawsuit. The auditor should talk to management and creditors, review credit reports, and filings with regulatory agencies. The auditor should also look for the absence or poor quality of accounting records, weak internal controls, and restrictions imposed by the client on the auditor. Assessing competence to perform the audit. Which personnel will be assigned to the audit? The answer to this question determines the amount and type of supervision necessary. The nature of the Audit and its business will affect staffing decisions. Consultants and specialists should be used by the auditor when needed. Evaluate independence. Look at the second general standard of GAAS. Rule 101 of the Code of Conduct requires and defines independence. Determine the auditors ability to use due care. Consider the third general standard of GAAS

Two factors to consider in assessing the ability to use due care: 1. The timing of the appointment - the earlier the appointment for the engagement the better for the auditor. It leaves more time for planning, conversely, Auditor business risk may be increased by acceptance of an engagement near or after the close of the clients fiscal year. 2. he scheduling of field work - interim work done 3 to 4 months before the end of a clients fiscal year greatly assists the auditor in planning audit procedures. Good audit planning necessitates the

use of a time budget. Estimated hours for each staff member should be in the time budget. This also allows preparation of an estimated audit fee. The deployment of client personnel can have a noticeable influence on client audit fees. Scheduled Fieldwork Dates Many companies have explicit dates in which audits need to be completed, and the findings issued. Many companies are required to file quarterly or annual financial statements, indicating audits were conducted on the financial statements released to outside stakeholders. These outside stakeholders include the U.S. Government (such as the Securities and Exchange Commission), the public, its stakeholders. Selecting these dates in which the audit must be completed is an important part of the audit engagement process. Public accounting firms unable to meet specific deadlines for the company can hinder the companys ability to issue financial statements according to government requirements. Preparing the engagement letter GAAS does not require engagement letters. An engagement letter is a contract between the auditor and client. The specific terms should be set down on paper: 1. 2. 3. 4. 5. 6. 7. The financial statements to be audited The purpose of the audit The professional standards to be followed by the auditor Wording related to the nature and scope of the audit. A clear statement that the audit may not detect all irregularities The legal duties of accountants to report illegal client acts should be note Apprising management that it is responsible for the preparation of the financial statements and the maintenance of internal controls 8. The basis on which fees will be computed and any billing arrangements 9. Request for the client to confirm the terms of the engagement by signing and returning a copy of the letter to the auditor

Engagement Acceptance
The audit engagement is a required procedure before the audit can begin, and is a negotiation between the accounting firm and the potential client. Public accounting firm partners are usually responsible for meeting with clients and promoting accounting, audit, and tax services. The partner and the client agree on terms of engagement (a legal relationship) to provide independent auditing/accounting services. The engagement between the auditor and the client describes out the services to be provided, the scope of the work, and fee to be charged. An engagement letter is issued by the auditor that defines the legal relationship between a professional firm and the client, and indicates the services to be offered, the responsibilities, deadlines, a disclaimer and fees. Auditors try to achieve independence in appearance in order to:

Maintain public confidence in the profession.

The independent auditors' plan prepared prior to the start of field work is appropriately considered documentation of:

Planning

Which of the following would most likely be a violation of the independence requirement found in the responsibilities principle under generally accepted auditing standards?

An auditor on the engagement owns a financial interest in the stock of the client.

Which of the following would most likely be a violation of the independence requirement found in the responsibilities principle under generally accepted auditing standards?

An auditor on the engagement owns a financial interest in the stock of the client.

Engagement Letter
An engagement letter defines the legal relationship (or engagement) between a professional firm (e.g., law, investment banking, consulting, advisory or accountancy firm) and its client(s). This letter states the terms and conditions of the engagement, principally addressing the scope of the engagement and the terms of compensation for the firm. Most engagement letters follow a standard format. The example given below refers to the engagement of an accountancy firm. Standard format for letters of engagement

Addressee: Typically addressed to the senior management (e.g. CEO) of the client. Identification of the service to be rendered: One type of service is a financial statement audit. Provided in this section is a brief description of the nature of the particular service. Other services that are planned for the audit (e.g. evaluation of internal control, preparation of regulatory reports) are also identified in this section. Specification of the responsibilities of the auditor of the company: This section refers to the specific professional standards and responsibilities of the auditor. Constraints on the accounting firm: For example, timing of access to client facilities and accounting records may delay the engagement. Deadlines: This section lays out the estimated date of completion and release of the financial statements, as well as the general guidelines for the timing of the audit work.

Description of any assistance to be provided by the client: Typically, the clients personnel will prepare some schedules (e.g. bank reconciliations) and retrieve documents from files. The letter should describe the assistance of client personnel. If the assistance is not provided and the auditors must complete the work themselves, this section of the letter would provide justification for additional fees to the client. Interactions with specialists, internal auditors, and the predecessor auditor needed to conduct the audit: Some specialists needed on an audit may include engineers to verify the stage of completion of electronic components, real estate appraisers to appraise realizable value of real estate used as collateral for loans, actuaries to evaluate the funding requirements and future cash flows associated with pensions or post-retirement health costs, and attorneys to evaluate the likely disposition of contingent losses arising from litigation. A disclaimer: Describing the limits of the audit. Typically this expresses that an audit is not designed to detect all forms of fraud or illegal acts; rather, an audit checks the financial position of a client with reference to generally accepted accounting principles. A description of the basis for fees: This may include a fixed fee or an estimate of fees based on expected completion time and billing rates of firm employees assigned to the engagement. Ownership and accessibility of the auditors files to external parties.

AUD 1 (Engagement Acceptance and Understanding the Assignment) Questions

1. Which of the following would be an appropriate title for a statement of revenue and expenses prepared using an other comprehensive basis of accounting (OCBOA)? A) Statement of operations. B) Statement of income-regulatory basis. C) Income statement. D) Statement of activities. 2. An accountant has been engaged to review a nonissuer's financial statements that contain several departures from GAAP. Management is unwilling to revise the financial statements, and the accountant believes that modification of the standard review report is inadequate to communicate the deficiencies. Under these circumstances, the accountant should A) Determine the effects of the departures from GAAP and issue a special report on the financial statements. B) Express a disclaimer of opinion on the financial statements and advise the board of directors that the financial statements should not be relied on. C) Inform management that a review of the financial statements cannot be completed and request a change from a review to a compilation engagement. D) Withdraw from the engagement and provide no further services concerning these financial statements.

3. An independent auditor must have which of the following? A) A pre-existing and well-informed point of view with respect to the audit. B) Technical training that is adequate to meet the requirements of a professional. C) A background in many different disciplines. D) Experience in taxation that is sufficient to comply with generally accepted auditing standards. 4. Which of the following conditions most likely would pose the greatest risk in accepting a new audit engagement? A) Staff will need to be rescheduled to cover this new client. B) There will be a client-imposed scope limitation. C) The firm will have to hire a specialist in one audit area. D) The client's financial reporting system has been in place for 10 years. 5.Which of the following information that comes to an auditor's attention most likely would raise a question about the occurrence of illegal acts? A) The exchange of property for similar property in a nonmonetary transaction. B) The discovery of unexplained payments made to government employees. C) The presence of several difficult-to-audit transactions affecting expense accounts. D) The failure to develop adequate procedures that detect unauthorized purchases. 6. Which of the following steps should an auditor perform first to determine the existence of related parties? A) Examine invoices, contracts, and purchasing orders. B) Request a list of related parties from management. C) Review the company's business structure. D) Review proxy and other materials filed with the SEC. 7. How does Office of Management and Budget Circular A-133, Audits of States, Local Governments, and Non-Profit Organizations, define a subrecipient? A) As a nonfederal entity that provides a federal award to another entity to carry out a federal program. B) As an individual who receives and expends federal awards received from a pass-through entity. C) As a dealer, distributor, merchant, or other seller providing goods or services that are required for the conduct of a federal program. D) As a nonfederal entity that expends federal awards received from another entity to carry out a federal program. 8. Which of the following outcomes is a likely benefit of information technology used for internal control? A) Processing of unusual or nonrecurring transactions. B) Enhanced timeliness of information. C) Potential loss of data. D) Recording of unauthorized transactions.

9. Analytical procedures are most appropriate when testing which of the following types of transactions? A) Payroll and benefit liabilities. B) Acquisitions and disposals of fixed assets. C) Operating expense transactions. D) Long-term debt transactions. 10. During the audit of a new client, the auditor determined that management had given illegal bribes to municipal officials during the year under audit and for several prior years. The auditor notified the client's board of directors, but the board decided to take no action because the amounts involved were immaterial to the financial statements. Under these circumstances, the auditor should A) Add an explanatory paragraph emphasizing that certain matters, while not affecting the unqualified opinion, require disclosure. B) Report the illegal bribes to the municipal official at least one level above those persons who received the bribes. C) Consider withdrawing from the audit engagement and disassociating from future relationships with the client. D) Issue an except for qualified opinion or an adverse opinion with a separate paragraph that explains the circumstances. 11. Which of the following procedures would be most appropriate for testing the completeness assertion as it applies to inventory? A) Scanning perpetual inventory, production, and purchasing records. B) Examining paid vendor invoices. C) Tracing inventory items from the tag listing back to the physical inventory quantities. D) Performing cutoff procedures for shipping and receiving. 12. As a condition of obtaining a loan from First National Bank, Maxim Co. is required to submit an audited balance sheet but not the related statements of income, retained earnings, or cash flows. Maxim would like to engage a CPA to audit only its balance sheet. Under these circumstances, the CPA A) May not audit only Maxim's balance sheet if the amount of the loan is material to the financial statements taken as a whole. B) May not audit only Maxim's balance sheet if Maxim is a nonissuer. C) May audit only Maxim's balance sheet if the CPA disclaims an opinion on the other financial statements. D) May audit only Maxim's balance sheet if access to the information underlying the basic financial statements is not limited. 13.When assessing internal auditors' objectivity, an independent auditor should A) Consider the policies that prohibit the internal auditors from auditing areas where they were recently assigned. B) Review the internal auditors' reports to determine that their conclusions are consistent with the work performed.

C) Verify that the internal auditors' assessment of control risk is comparable to the independent auditor's assessment. D) Evaluate the quality of the internal auditors' working paper documentation and their recent audit recommendations. 14. During a financial statement audit an internal auditor may provide direct assistance to the independent CPA in performing Tests of controls,Substantive tests A) Yes, Yes B) Yes, No C) No, Yes D) No, No 15. The company being audited has an internal auditor that is both competent and objective. The independent auditor wants to assign tasks for the internal auditor to perform. Under these circumstances, the independent auditor may A) Allow the internal auditor to perform tests of internal controls. B) Allow the internal auditor to audit a major subsidiary of the company. C) Not assign any task to the internal auditor because of the internal auditor's lack of independence. D) Allow the internal auditor to perform analytical procedures, but not be involved with any tests of details. 16. Accepting an engagement to compile a financial projection most likely would be inappropriate if the projection is to be distributed to A) The entity's principal stockholder, to the exclusion of the other stockholders. B) Potential stockholders in an offering statement. C) A financial institution in a loan application. D) A state or federal regulatory agency. 17. Before accepting an engagement to audit a new client, a CPA is required to obtain A) An assessment of fraud risk factors likely to cause material misstatements. B) An understanding of the prospective client's industry and business. C) The prospective client's signature to a written engagement letter. D) The prospective client's consent to make inquiries of the predecessor, if any. 18. Which of the following actions should a CPA firm take to comply with the AICPA's quality control standards? A) Establish procedures that comply with the standards of the Sarbanes-Oxley Act. B) Use attributes sampling techniques in testing internal controls. C) Consider inherent risk and control risk before determining detection risk. D) Establish policies to ensure that the audit work meets applicable professional standards.

19. Which of the following factors most likely would assist an independent auditor in assessing the objectivity of the internal auditor ? A) The organizational status of the director of internal audit. B) The professional certifications of the internal audit staff. C) The consistency of the internal audit reports with the results of work performed. D) The appropriateness of internal audit conclusions in the circumstances. 20. An accountant is required to comply with the provisions of Statements on Standards for Accounting and Review Services when I. Reproducing client-prepared financial statements, without modification, as an accommodation to a client. II. Preparing standard monthly journal entries for depreciation and expiration of prepaid expenses. A) I only. B) II only. C) Both I and II. D) Neither I nor II. 21. Which of the following situations represents a risk factor that relates to misstatements arising from misappropriation of assets? A) A high turnover of senior management. B) A lack of independent checks. C) A strained relationship between management and the predecessor auditor. D) An inability to generate cash flow from operations. 22. Which of the following actions should an accountant take when engaged to compile a company's financial statements in accordance with Statements on Standards for Accounting and Review Services (SSARS)? A) Perform analytical procedures. B) Express negative assurance on the financial statements. C) Make management inquiries and examine internal controls. D) Perform the engagement even though independence is compromised. 23. In evaluating the reasonableness of an entity's accounting estimates, an auditor most likely concentrates on key factors and assumptions that are A) Stable and not sensitive to variation. B) Objective and not susceptible to bias. C) Deviations from historical patterns. D) Similar to industry guidelines. 24. In using the work of a specialist, an auditor may refer to the specialist in the auditor's report if, as a result of the specialist's findings, the auditor A) Desires to disclose the specialist's findings, which imply that a more thorough audit was performed.

B) Makes suggestions to management that are likely to improve the entity's internal control. C) Corroborates another specialist's findings that were consistent with management's assertions. D) Adds an explanatory paragraph to the auditor's report to emphasize an unusually important subsequent event. 25. Which of the following is an element of a CPA firm's quality control policies and procedures applicable to the firm's accounting and auditing practice? A) Information processing. B) Engagement performance. C) Technology selection. D) Professional skepticism. 26. When providing limited assurance that the financial statements of a nonissuer require no material modifications to be in accordance with GAAP, the accountant should A) Assess the risk of material misstatement in the financial statements due to fraud. B) Perform tests of controls to evaluate the effectiveness of the controls. C) Understand the accounting principles of the industry in which the entity operates. D) Communicate with the audit committee regarding material weaknesses in internal control. 27. In assessing the competence of internal auditors, an independent CPA most likely would obtain information about the A) Influence of management on the scope of the internal auditors' duties. B) Policies limiting internal auditors from communicating with the audit committee. c) Quality of the internal auditors' working paper documentation. D) Entity's ability to continue as a going concern for a reasonable period of time. 28. Detection risk differs from both control risk and inherent risk in that detection risk A) Exists independently of the financial statement audit. B) Can be changed at the auditor's discretion. C) Arises from risk factors relating to fraud. D) Should be assessed in nonquantitative terms. 29. The phrase "generally accepted accounting principles" is an accounting term that A) Includes broad guidelines of general application but not detailed practices and procedures. B) Encompasses the conventions, rules, and procedures necessary to define accepted accounting practice at a particular time. C) Provides a measure of conventions, rules, and procedures governed by the AICPA. D) Is included in the audit report to indicate that the audit has been conducted in accordance with generally accepted auditing standards (GAAS). 30. Which of the following circumstances would permit an independent auditor to accept an engagement after the close of the fiscal year?

A) Issuance of a disclaimer of opinion as a result of inability to conduct certain tests required by generally accepted auditing standards due to the timing of acceptance of the engagement. B) Assessment of control risk below the maximum level. C) Receipt of an assertion from the preceding auditor that the entity will be able to continue as a going concern. D) Remedy of limitations resulting from accepting the engagement after the close of the end of the year, such as those relating to the existence of physical inventory. 31. An accountant is required to comply with the provisions of the Statements on Standards for Accounting and Review Services when performing which of the following tasks? A) Preparing monthly journal entries. B) Providing the client with software to generate financial statements. C) Generating financial statements of a nonissuer. D) Providing a blank financial statement format or template. 32. Quality control policies and procedures that are established to decide whether to accept a new client should provide the CPA firm with reasonable assurance that A) The CPA firm's duty to the public concerning the acceptance of new clients is satisfied. B) The likelihood of associating with clients whose management lacks integrity is minimized. C) Client-prepared schedules that are necessary for the engagement are completed on a timely basis. D) Sufficient corroborating evidence to support the financial statement assertions is available. 33. An auditors engagement letter most likely would include A) Managements acknowledgment of its responsibility for maintaining effective internal control. B) The auditors preliminary assessment of the risk factors relating to misstatements arising from fraudulent financial reporting. C) A reminder that management is responsible for illegal acts committed by employees. D) A request for permission to contact the clients lawyer for assistance in identifying litigation, claims, and assessments. 34. Which of the following procedures most likely would assist an auditor in determining whether management has identified all accounting estimates that could be material to the financial statements? A) Inquire about the existence of related party transactions. B) Determine whether accounting estimates deviate from historical patterns. C) Confirm inventories at locations outside the entity. D) Review the lawyers letter for information about litigation. 35.Which of the following auditor concerns most likely could be so serious that the auditor concludes that a financial statement audit cannot be performed? A) Management fails to modify prescribed internal controls for changes in information technology. B) Internal control activities requiring segregation of duties are rarely monitored by management.

C) Management is dominated by one person who is also the majority stockholder. D) There is a substantial risk of intentional misapplication of accounting principles. 36. 12. Which of the following factors would a CPA ordinarily consider in the planning stage of an audit engagement? I. Financial statement accounts likely to contain a misstatement. II. Conditions that require extension of audit tests. A) I only. B) II only. C) Both I and II. D) Neither I nor II. 37. A CPA is required to comply with the provisions of Statements on Standards for Attestation Engagements (SSAE) when engaged to A) Report on financial statements that the CPA generated through the use of computer software. B) Review managements discussion and analysis (MD&A) prepared pursuant to rules and regulations adopted by the SEC. C) Provide the client with a financial statement format that does not include dollar amounts. D) Audit financial statements that the client prepared for use in another country. 38. Which of the following characteristics most likely would be indicative of check kiting? A) High turnover of employees who have access to cash. B) Many large checks that are recorded on Mondays. C) Low average balance compared to high level of deposits. D) Frequent ATM checking account withdrawals. 39. In assessing the objectivity of internal auditors, the independent CPA who is auditing the entitys financial statements most likely would consider the A) Internal auditing standards developed by The Institute of Internal Auditors. B) Tests of internal control activities that could detect errors and fraud. C) Materiality of the accounts recently inspected by the internal auditors. D) Results of the tests of transactions recently performed by the internal auditors. 40. Which of the following statements is correct concerning an auditor's responsibilities regarding financial statements? A) An auditor may not draft an entity's financial statements based on information from management's accounting system. B) The adoption of sound accounting policies is an implicit part of an auditor's responsibilities. C) An auditor's responsibilities for audited financial statements are confined to the expression of the auditor's opinion. D) Making suggestions that are adopted about an entity's internal control environment impairs an auditor's independence.

41. Which of the following factors most likely would cause an auditor to question the integrity of management? A) Management has an aggressive attitude toward financial reporting and meeting profit goals. B) Audit tests detect material fraud that was known to management, but not disclosed to the auditor. C) Managerial decisions are dominated by one person who is also a stockholder. D) Weaknesses in internal control reported to the audit committee are not corrected by management. 42. Which of the following factors most likely would cause a CPA not to accept a new audit engagement? A) The prospective client's unwillingness to permit inquiry of its legal counsel. B) The inability to review the predecessor auditor's working papers. C) The CPA's lack of understanding of the prospective client's operations and industry. D) The indications that management has not investigated employees in key positions before hiring them. 43. A document in an auditor's working papers includes the following statement: "Our audit is subject to the inherent risk that material errors and fraud, including defalcations, ifBthey exist, will not be detected. However, we will inform you of fraud that comes to our attention, unless it is inconsequential." The above passage is most likely from a(an) A) Comfort letter. B) Engagement letter. C) Letter of audit inquiry. D) Representation letter. 44. During the initial planning phase of an audit, a CPA most likely would A) Identify specific internal control activities that are likely to prevent fraud. B) Evaluate the reasonableness of the client's accounting estimates. C) Discuss the timing of the audit procedures with the client's management. D) Inquire of the client's attorney as to whether any unrecorded claims are probable of assertion. 45.Which of the following should be the first step in reviewing the financial statements of a nonpublic entity? A) Comparing the financial statements with statements for comparable prior periods and with anticipated results. B) Completing a series of inquiries concerning the entity's procedures for recording, classifying, and summarizing transactions. C) Obtaining a general understanding of the entity's organization, its operating characteristics, and its products or services. D) Applying analytical procedures designed to identify relationships and individual items that appear to be unusual. 46. Which of the following procedures most likely could assist an auditor in identifying related party transactions? A) Performing tests of controls concerning the segregation of duties.

B) Evaluating the reasonableness of management's accounting estimates. C) Reviewing confirmations of compensating balance arrangements. D) Scanning the accounting records for recurring transactions. 47. Which of the following procedures would least likely result in the discovery of possible illegal acts? A) Reading the minutes of the board of directors' meetings. B) Making inquiries of the client's management. C) Performing tests of details of transactions. D) Reviewing an internal control questionnaire. 48. Which of the following procedures would an auditor ordinarily perform first in evaluating the reasonableness of management's accounting estimates? A) Review transactions occurring prior to the completion of field work that indicate variations from expectations. B) Compare independent expectations with recorded estimates to assess management's process. C) Obtain an understanding of how management developed its estimates. D) Analyze historical data used in developing assumptions to determine whether the process is consistent. 49. An accountant had begun to audit the financial statements of a nonpublic entity. Which of the following circumstances most likely would be considered a reasonable basis for agreeing to the entity's request to change the engagement to a compilation? A) The entity's management does not provide the accountant with a signed representation letter. B) The accountant is prohibited from corresponding with the entity's legal counsel. C) The entity's principal creditors no longer require the entity to furnish audited financial statements. D) The accountant is prevented from examining the minutes of the board of directors' meetings. 50. A CPA wishes to determine how various publicly-held companies have complied with the disclosure requirements in a Statement of Financial Accounting Standards. Which of the following information sources would the CPA most likely consult for this information? A) AICPA Accounting Trends & Techniques. B) FASB Technical Bulletins. C) AICPA Audit and Accounting Manual. D) FASB Statements of Financial Accounting Concepts. 51. The primary purpose of establishing quality control policies and procedures for deciding whether to accept new clients is to A) Minimize the likelihood of association with clients whose management lacks integrity. B) Monitor significant deficiencies in the design and operation of the client's internal control. C) Identify noncompliance with aspects of contractual agreements that affect the financial statements. D) Provide reasonable assurance that personnel will be adequately trained to fulfill their assigned responsibilities.

52. An auditors engagement letter most likely would include a statement regarding A) Management's responsibility to provide certain written representations to the auditor. B) Conditions under which the auditor may modify the preliminary judgment about materiality. C) Internal control activities that would reduce the auditor's assessment of control risk. D) Materiality matters that could modify the auditors preliminary assessment of fraud risk. 53. A successor auditor should make specific and reasonable inquiries of the predecessor auditor regarding the predecessor's A) Understanding of the reasons for the change in auditors. B) Methodology used in applying sampling techniques. C) Opinion on subsequent events that have occurred since the balance sheet date. D) Perception of the competency and reliance on the client's internal audit function. 54. Which of the following activities would most likely be considered an attestation engagement? A) Consulting with management representatives of a firm to provide advice. B) Issuing a report about a firm's compliance with laws and regulations. C) Advocating a client's position on tax matters that are being reviewed by the IRS. D) Preparing a client's tax returns. 55. An auditor reviews a client's accounting policies and procedures when considering which of the following planning matters? A) Method of sampling to be used. B) Preliminary judgments about materiality levels. C) Nature of reports to be rendered. D) Understanding the client's operations and business. 56. To which of the following matters would materiality limits not apply when obtaining written client representations? A) Violations of state labor regulations. B) Disclosure of line-of-credit arrangements. C) Information about related party transactions. D) Instances of fraud involving management. 57. Prior to commencing field work, an auditor usually discusses the general audit strategy with the client's management. Which of the following details do management and the auditor usually agree upon at this time? A) The specific matters to be included in the communication with the audit committee. B) The minimum amount of misstatements that may be considered to be reportable conditions. C) The schedules and analyses that the client's staff should prepare. D) The effects that inadequate controls may have over the safeguarding of assets.

58. In assessing the competence of a client's internal auditor, an independent auditor most likely would consider the A) Internal auditor's compliance with professional internal auditing standards. B) Client's policies that limit the internal auditor's access to management salary data. C) Evidence supporting a further reduction in the assessed level of control risk. D) Results of ratio analysis that may identify unusual transactions and events. 59. Which of the following is a professional engagement that a CPA may perform to provide assurance on a system's reliability? A) MAS AssurAbility. B) CPA WebMaster. C) MAS AttestSure. D) CPA SysTrust. 60. An auditor is required to establish an understanding with a client regarding the services to be performed for each engagement. This understanding generally includes A) The auditor's responsibility for determining the preliminary judgments about materiality and audit risk factors. B) Management's responsibility for identifying mitigating factors when the auditor has doubt about the entity's ability to continue as a going concern. C) The auditor's responsibility for ensuring that the audit committee is aware of any reportable conditions that come to the auditor's attention. D) Management's responsibility for providing the auditor with an assessment of the risk of material misstatement due to fraud. 61. A successor auditor is required to attempt communication with the predecessor auditor prior to A) Performing test of controls. B) Testing beginning balances for the current year. C) Making a proposal for the audit engagement. D) Accepting the engagement. 62. If the business environment is experiencing a recession, the auditor most likely would focus increased attention on which of the following accounts? A) Purchase returns and allowances. B) Allowance for doubtful accounts. C) Common stock. D) Noncontrolling interest of a subsidiary purchased during the year. 63. The scope of audits of recipients of federal financial assistance in accordance with federal audit regulations varies. Which of the following elements do these audits have in common? A) The auditor is required to disclose all situations and transactions that could be indicative of fraud, abuse, and illegal acts to the federal inspector general.

B) The materiality levels are higher and are determined by the government entities that provide the federal financial assistance to the recipients. C) The auditor is required to document an understanding of internal control established to ensure compliance with the applicable laws and regulations. D) The accounts should be 100% verified by substantive tests because certain statistical sampling applications are not permitted. 64. Which of the following procedures is usually the first step in reviewing the financial statements of a nonpublic entity? A) Make preliminary judgments about risk and materiality to determine the scope and nature of the procedures to be performed. B) Obtain a general understanding of the entity's organization, its operating characteristics, and its products or services. C) Assess the risk of material misstatement arising from fraudulent financial reporting and the misappropriation of assets. D) Perform a preliminary assessment of the operating efficiency of the entity's internal control activities. 65. Which of the following circumstances would an auditor most likely consider a risk factor relating to misstatements arising from fraudulent financial reporting? A) Several members of management have recently purchased additional shares of the entity's stock. B) Several members of the board of directors have recently sold shares of the entity's stock. C) The entity distributes financial forecasts to financial analysts that predict conservative operating results. D) Management is interested in maintaining the entity's earnings trend by using aggressive accounting practices. 66. Which of the following events most likely would indicate the existence of related parties? A) Granting stock options to key executives at favorable prices. B) High turnover of senior management and members of the board of directors. C) Failure to correct internal control weaknesses on a timely basis. D) Selling real estate at a price significantly different from appraised value. 67. Management's emphasis on meeting projected profit goals most likely would significantly influence an entity's control environment when A) Internal auditors have direct access to the entity's board of directors. B) A significant portion of management compensation is represented by stock options. C) External policies established by parties outside the entity affect accounting policies. D) The audit committee is active in overseeing the entity's financial reporting policies. 68. Which of the following factors most likely would lead a CPA to conclude that a potential audit engagement should not be accepted? A) There are significant related party transactions that management claims occurred in the ordinary course

of business. B) Internal control activities requiring the segregation of duties are subject to management override. C) Management continues to employ an inefficient system of information technology to record financial transactions. D) It is unlikely that sufficient competent evidence is available to support an opinion on the financial statements. 69. In evaluating an entitys accounting estimates, one of the auditors objectives is to determine whether the estimates are A) Prepared in a satisfactory control environment. B) Consistent with industry guidelines. C) Based on verifiable objective assumptions. D) Reasonable in the circumstances. 70. Which of the following categories is included in generally accepted auditing standards? A) Standards of review. B) Standards of planning. C) Standards of field work. D) Standards of evidence. 71. Which of the following statements is correct regarding a review engagement of a nonpublic company's financial statements performed in accordance with the Statements on Standards for Accounting and Review Services (SSARs)? A) An accountant must establish an understanding with the client in an engagement letter. B) An accountant must obtain an understanding of the client's internal control when performing a review. C) A review provides an accountant with a basis for expressing limited assurance on the financial statements. D) A review report contains an accountant's opinion of the financial statements taken as a whole. 72. Which of the following describes how the objective of a review of financial statements differs from the objective of a compilation engagement? A) The primary objective of a review engagement is to test the completeness of the financial statements prepared, but a compilation tests for reasonableness. B) The primary objective of a review engagement is to provide positive assurance that the financial statements are fairly presented, but a compilation provides no such assurance. C) In a review engagement, accountants provide limited assurance, but a compilation expresses no assurance. D) In a review engagement, accountants provide reasonable or positive assurance that the financial statements are fairly presented, but a compilation provides limited assurance. 73. Prior to commencing fieldwork, an auditor usually discusses the general audit strategy with the client's management. Which of the following matters does the auditor and management agree upon at this time?

A) The appropriateness of the entity's plans for dealing with adverse economic conditions. B) The determination of the fraud risk factors that exist within the client's operations. C) The control weaknesses to be included in the communication with the audit committee. D) The coordination of the assistance of the client's personnel in data preparation. 74, An auditor's engagement letter most likely would include a statement that A) Lists potential reportable conditions discovered during the prior-year's audit. B) Explains the analytical procedures that the auditor expects to apply. C) Describes the auditor's responsibility to evaluate going-concern issues. D) Limits the auditor's responsibility to detect errors and fraud. 75. Which of the following factors most likely would cause a CPA to decline to accept a new audit engagement? A) The CPA does not understand the entity's operations and industry. B) Management acknowledges that the entity has had recurring operating losses. C) The CPA is unable to review the predecessor auditor's working papers. D) Management is unwilling to permit inquiry of its legal counsel. 76. Which of the following statements is correct concerning materiality in a financial statement audit? A) Analytical procedures performed during an audit's review stage usually decrease materiality levels. B) If the materiality amount used in evaluating audit findings increases from the amount used in planning, the auditor should apply additional substantive tests. C) The auditor's materiality judgments generally involve quantitative, but not qualitative, considerations. D) Materiality levels are generally considered in terms of the smallest aggregate level of misstatement that could be considered material to any one of the financial statements. 77. When companies use information technology (IT) extensively, evidence may be available only in electronic form. What is an auditor's best course of action in such situations? A) Assess the control risk as high. B) Use audit software to perform analytical procedures. C) Use generalized audit software to extract evidence from client databases. D) Perform limited tests of controls over electronic data. 78. An auditor intends to use the work of an actuary who has a relationship with the client. Under these circumstances, the auditor A) Is required to disclose the contractual relationship in the auditor's report. B) Should assess the risk that the actuary's objectivity might be impaired. C) Is not permitted to rely on the actuary because of a lack of independence. D) Should communicate this matter to the audit committee as a reportable condition. 79. Which of the following procedures would a CPA most likely perform in the planning stage of a financial statement audit?

A) Obtain representations from management regarding the availability of all financial records. B) Communicate with the audit committee concerning the prior year's audit adjustments. C) Make inquiries of the client's attorney regarding pending and threatened litigation and assessments. D) Compare recorded financial information with anticipated results from budgets and forecasts. 80. A CPA is engaged to examine managements assertion that the entity's schedule of investment returns is presented in accordance with specific criteria. In performing this engagement, the CPA should comply with the provisions of A) Statements on Standards for Accounting and Review Services (SSARS). B) Statements on Auditing Standards (SAS). C) Statements on Standards for Consulting Services (SSCS). D) Statements on Standards for Attestation Engagements (SSAE). 81. Which of the following characteristics most likely would heighten an auditor's concern about the risk of material misstatement arising from fraudulent financial reporting? A) There is a lack of interest by management in maintaining an earnings trend. B) Computer hardware is usually sold at a loss before being fully depreciated. C) Management had frequent disputes with the auditor on accounting matters. D) Monthly bank reconciliations usually include several large checks outstanding. 82. An accountant may accept an engagement to apply agreed-upon procedures to prospective financial statements provided the A) Provisions of Statements on Standards for Accounting and Review Services (SSARS) are followed. B) Accountant also examines the prospective financial statements. C) Distribution of the report is restricted to the specified users. D) The accountant takes responsibility for the adequacy of the procedures performed. 83. Which of the following statements is correct regarding the auditor's consideration of the possibility of illegal acts by clients? A) The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance that no illegal acts have been committed by clients. B) The auditor's training, experience, and understanding of the client should be used to provide a basis for the determination as to whether illegal acts have occurred. C) If specific information concerning an illegal act comes to the auditor's attention, the auditor should apply audit procedures specifically directed to ascertaining whether an illegal act has occurred. D) If an illegal act has occurred, the auditor should express a qualified opinion or an adverse opinion on the financial statements taken as a whole. 1.B 2.D 3.B 4.B 5.B 6.B 7.D 8.B 9.B 10.c 11.D 12.D 13.A 14.A 15.A 16.B 17.D 18.D 19.A 20.D 21.B 22.D 23.C 24.D 25.B 26.C 27.C 28.B 29.B 30.D 31.C 32.B 33.A 34.D 35.D 36.C 37.B 38.C 39.A 40.C 41.B 42.A 43.B 44.C 45.C 46.C 47.D 48.C 49.C 50.A 51.A 52.A 53.A 54.B 55.D 56.D 57.C 58.A 59.D

60.C 61.D 62.B 63.C 64.B 65.D 66.D 67.B 68.D 69.D 70.C 71.C 72.C 73.D 74.D 75.D 76.D 77.C 78.B 79.D 80. D 81.C 82.C 83.C

Auditing and Attestation 2: Understanding the Entity and Its Environment (including Internal Control) Internal Control Introduction
In accounting and auditing, internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization's resources are directed, monitored, and measured. It plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks). At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations. At the specific transaction level, internal control refers to the actions taken to achieve a specific objective (e.g., how to ensure the organization's payments to third parties are for valid services rendered.) Internal control procedures reduce process variation, leading to more predictable outcomes. Internal control is a key element of the Foreign Corrupt Practices Act (FCPA) of 1977 and the SarbanesOxley Act of 2002, which required improvements in internal control in United States public corporations. Internal controls within business entities are also referred to as operational controls. Definitions There are many definitions of internal control, as it affects the various constituencies (stakeholders) of an organization in various ways and at different levels of aggregation.Under the COSO Internal ControlIntegrated Framework, a widely-used framework in not only the United States but around the world, internal control is broadly defined as a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a) Effectiveness and efficiency of operations; b) Reliability of financial reporting; and c) Compliance with laws and regulations. COSO defines internal control as having five components:

1. Control Environment-sets the tone for the organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control. 2. Risk Assessment-the identification and analysis of relevant risks to the achievement of objectives, forming a basis for how the risks should be managed 3. Information and Communication-systems or processes that support the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities 4. Control Activities-the policies and procedures that help ensure management directives are carried out. 5. Monitoring-processes used to assess the quality of internal control performance over time. The COSO definition relates to the aggregate control system of the organization, which is composed of many individual control procedures. Discrete control procedures, or controls are defined by the SEC as: "...a specific set of policies, procedures, and activities designed to meet an objective. A control may exist within a designated function or activity in a process. A controls impact...may be entity-wide or specific to an account balance, class of transactions or application. Controls have unique characteristics for example, they can be: automated or manual; reconciliations; segregation of duties; review and approval authorizations; safeguarding and accountability of assets; preventing or detecting error or fraud. Controls within a process may consist of financial reporting controls and operational controls (that is, those designed to achieve operational objectives)." Context More generally, setting objectives, budgets, plans and other expectations establish criteria for control. Control itself exists to keep performance or a state of affairs within what is expected, allowed or accepted. Control built within a process is internal in nature. It takes place with a combination of interrelated components - such as social environment effecting behavior of employees, information necessary in control, and policies and procedures. Internal control structure is a plan determining how internal control consists of these elements. The concepts of corporate governance also heavily rely on the necessity of internal controls. Internal controls help ensure that processes operate as designed and that risk responses (risk treatments) in risk management are carried out. In addition, there needs to be in place circumstances ensuring that the aforementioned procedures will be performed as intended: right attitudes, integrity and competence, and monitoring by managers. Roles and responsibilities in internal control According to the COSO Framework, everyone in an organization has responsibility for internal control to some extent. Virtually all employees produce information used in the internal control system or take other actions needed to affect control. Also, all personnel should be responsible for communicating upward problems in operations, noncompliance with the code of conduct, or other policy violations or illegal

actions. Each major entity in corporate governance has a particular role to play: Management: The Chief Executive Officer (the top manager) of the organization has overall responsibility for designing and implementing effective internal control. More than any other individual, the chief executive sets the "tone at the top" that affects integrity and ethics and other factors of a positive control environment. In a large company, the chief executive fulfills this duty by providing leadership and direction to senior managers and reviewing the way they're controlling the business. Senior managers, in turn, assign responsibility for establishment of more specific internal control policies and procedures to personnel responsible for the unit's functions. In a smaller entity, the influence of the chief executive, often an owner-manager, is usually more direct. In any event, in a cascading responsibility, a manager is effectively a chief executive of his or her sphere of responsibility. Of particular significance are financial officers and their staffs, whose control activities cut across, as well as up and down, the operating and other units of an enterprise. Board of Directors: Management is accountable to the board of directors, which provides governance, guidance and oversight. Effective board members are objective, capable and inquisitive. They also have a knowledge of the entity's activities and environment, and commit the time necessary to fulfill their board responsibilities. Management may be in a position to override controls and ignore or stifle communications from subordinates, enabling a dishonest management which intentionally misrepresents results to cover its tracks. A strong, active board, particularly when coupled with effective upward communications channels and capable financial, legal and internal audit functions, is often best able to identify and correct such a problem. Auditors: The internal auditors and external auditors of the organization also measure the effectiveness of internal control through their efforts. They assess whether the controls are properly designed, implemented and working effectively, and make recommendations on how to improve internal control. They may also review Information technology controls, which relate to the IT systems of the organization. There are laws and regulations on internal control related to financial reporting in a number of jurisdictions. In the U.S. these regulations are specifically established by Sections 404 and 302 of the Sarbanes-Oxley Act. Guidance on auditing these controls is specified in PCAOB Auditing Standard No. 5 and SEC guidance, further discussed in SOX 404 top-down risk assessment. To provide reasonable assurance that internal controls involved in the financial reporting process are effective, they are tested by the external auditor (the organization's public accountants), who are required to opine on the internal controls of the company and the reliability of its financial reporting. Limitations Internal control can provide reasonable, not absolute, assurance that the objectives of an organization will be met. The concept of reasonable assurance implies a high degree of assurance, constrained by the costs and benefits of establishing incremental control procedures. Effective internal control implies the organization generates reliable financial reporting and substantially complies with the laws and regulations that apply to it. However, whether an organization achieves operational and strategic objectives may depend on factors outside the enterprise, such as competition or technological innovation. These factors are outside the scope of internal control; therefore, effective

internal control provides only timely information or feedback on progress towards the achievement of operational and strategic objectives, but cannot guarantee their achievement. Describing Internal Controls Internal controls may be described in terms of: a) the objective they pertain to; and b) the nature of the control activity itself. Objective categorization Internal control activities are designed to provide reasonable assurance that particular objectives are achieved, or related progress understood. The specific target used to determine whether a control is operating effectively is called the control objective. Control objectives fall under several detailed categories; in financial auditing, they relate to particular financial statement assertions, but broader frameworks are helpful to also capture operational and compliance aspects: 1. Existence (Validity): Only valid or authorized transactions are processed (i.e., no invalid transactions) 2. Occurrence (Cutoff): Transactions occurred during the correct period or were processed timely. 3. Completeness: All transactions are processed that should be (i.e., no omissions) 4. Valuation: Transactions are calculated using an appropriate methodology or are computationally accurate. 5. Rights & Obligations: Assets represent the rights of the company, and liabilities its obligations, as of a given date. 6. Presentation & Disclosure (Classification): Components of financial statements (or other reporting) are properly classified (by type or account) and described. 7. Reasonableness-transactions or results appears reasonable relative to other data or trends. For example, a control objective for the accounts payable function may be stated as: "Payments are made only for authorized products and services received." This is a validity objective. A typical control procedure designed to achieve this objective is: "The accounts payable system compares the purchase order, receiving record, and vendor invoice prior to authorizing payment." Multiple controls may be applicable to achieve a given control objective with a reasonable level of assurance. Management is responsible for implementing appropriate controls that apply to transactions in their areas of responsibility. Internal auditors perform their audits to evaluate whether the controls are designed and implemented effectively to address the relevant objectives. Activity categorization Control activities may also be explained by the type or nature of activity. These include (but are not limited to):

Segregation of duties - separating authorization, custody, and record keeping roles of fraud or error by one person.

Authorization of transactions - review of particular transactions by an appropriate person. Retention of records - maintaining documentation to substantiate transactions. Supervision or monitoring of operations - observation or review of ongoing operational activity. Physical safeguards - usage of cameras, locks, physical barriers, etc. to protect property, such as merchandise inventory. Top-level reviews-analysis of actual results versus organizational goals or plans, periodic and regular operational reviews, metrics, and other key performance indicators (KPIs). IT Security - usage of passwords, access logs, etc. to ensure access restricted to authorized personnel. Top level reviews-Management review of reports comparing actual performance versus plans, goals, and established objectives. Controls over information processing-A variety of control activities are used in information processing. Examples include edit checks of data entered, accounting for transactions in numerical sequences, comparing file totals with control accounts, and controlling access to data, files and programs.

Control precision Control precision describes the alignment or correlation between a particular control procedure and a given control objective or risk. A control with direct impact on the achievement of an objective (or mitigation of a risk) is said to be more precise than one with indirect impact on the objective or risk. Precision is distinct from sufficiency; that is, multiple controls with varying degrees of precision may be involved in achieving a control objective or mitigating a risk. Precision is an important factor in performing a SOX 404 top-down risk assessment. After identifying specific financial reporting material misstatement risks, management and the external auditors are required to identify and test controls that mitigate the risks. This involves making judgments regarding both precision and sufficiency of controls required to mitigate the risks. Risks and controls may be entity-level or assertion-level under the PCAOB guidance. Entity-level controls are identified to address entity-level risks. However, a combination of entity-level and assertion-level controls are typically identified to address assertion-level risks. The PCAOB set forth a three-level hierarchy for considering the precision of entity-level controls. Later guidance by the PCAOB regarding small public firms provided several factors to consider in assessing precision. Fraud and internal control Internal control plays an important role in the prevention and detection of fraud. Under the SarbanesOxley Act, companies are required to perform a fraud risk assessment and assess related controls. This typically involves identifying scenarios in which theft or loss could occur and determining if existing control procedures effectively manage the risk to an acceptable level. The risk that senior management might override important financial controls to manipulate financial reporting is also a key area of focus in fraud risk assessment. The AICPA, IIA, and ACFE also sponsored a guide published during 2008 that includes a framework for helping organizations manage their fraud risk.

Internal Controls and Improvement If the internal control system is implemented only to prevent fraud and comply with laws and regulations, then an important opportunity is missed. The same internal controls can also be used to systematically improve businesses, particularly in regard to effectiveness and efficiency. Continuous Controls Monitoring Advances in technology and data analysis have led to the development of numerous tools which can automatically evaluate the effectiveness of internal controls. Used in conjunction with continuous auditing, continuous controls monitoring provides assurance on financial information flowing through the business processes.

Audit Risk
Audit risk(also referred to as residual risk) Refers to the risk that an auditor may issue unqualified report due to auditors failure to detect material misstatement either due to error or fraud. This risk is composed of inherent risk (IR), control risk (CR) and detection risk (DR), and can be calculated thus: AR = IR CR DR where... IR is inherent risk, CR is control risk and DR detection risk. IR refers to the risk involved in the nature of business or transaction. Example, where transactions involving exchange of cash may have higher IR than transactions involving settlement by cheques. CR refers to the risk that a misstatement could occur but may not be detected and corrected or prevented by entity's internal control mechanism. DR is the probability that the audit procedures may fail to detect existence of a material error or fraud. While CR depends on the strength or weakness of the internal control procedures, DR is either due to sampling error or human factors. Solving for DR Detection risk has to be restricted and occurs when the correct audit procedure is used or the audit procedure is used incorrectly. The auditor assesses the inherent risk and control risk and then solves the audit risk by assigning detection risk to reduce the audit risk to an acceptable amount. The major elements of detection risk are misapplying an audit procedure, misinterpreting audit results, and selecting the wrong audit test method. To solve for the detection risk: DR = AR/ (IR x CR) or DR = AR/RMM From the result of solving this equation, it is understood that if the detection risk is low, the auditor must collect additional appropriate evidence and the detection risk is high, the less evidence is needed. Since detection risk is a function of the effectiveness of the audit procedures performed, detection risk is the only risk that is completely a function of sufficiency of the procedures performed by the auditors. The

audit evidence that the auditor collects must be sufficient and appropriate. Sufficiency is the measure of quantity of audit evidence that must be obtained and appropriateness is the measure of quality of audit evidence obtained. The audit evidence has to be both reliable and relevant in order for it to affect the detection risk. Implementing the model The reason for using the audit risk model is to help prevent the risk of fraud and misstatements. When an auditor audits a company, their main objective is to provide the best assurance possible that the financial statements do not contain material mistakes. This will help the future decisions made by the company and its current and future investors. The audit risk model is used to help the auditor determine which auditing procedures for accounts or transactions shown on the financial statements are used to help decrease the audit risk to an appropriate level. The financial statements consist of the income statements, balance sheet, and statement of cash flows. The income statements show the companys operating performance, from the accounts of revenues, expenses, and net income. The balance sheet shows a companys assets, liabilities, and owners equity and the statement of cash flows shows the companys cash and cash payments. These are important to look over this information because it is not always trusted. These financial statements may be inaccurate and auditors may need to find additional information to make sure that the information provided by these financial statements is reliable. Auditors might have a situation where the client impeded the ability for the auditor to assess the financial statement. This situation will increase audit risk and the auditor responses in two ways, that is; the auditor issues an adverse opinion when it is not warranted or an unqualified opinion when it is not warranted. Risk of Material Misstatement RMM = IR x CR Risks of material misstatement at the financial statement level relate pervasively to the financial statements as a whole and potentially affect many assertions. Risks of material misstatement at the financial statement level may be especially relevant to the auditor's consideration of the risk of material misstatement due to fraud. For example, an ineffective control environment, a lack of sufficient capital to continue operations, and declining conditions affecting the company's industry might create pressures or opportunities for management to manipulate the financial statements, leading to higher risk of material misstatement. Risks of material misstatement at the assertion level are consisted of two components, that is; inherent risk and control risk. Inherent risk refers to the susceptibility of an assertion to a misstatement due to error or fraud that could be material, individually or in combination with other misstatements, before consideration of any related controls. Control risk is the risk that a misstatement due to error or fraud that could occur in an assertion and that could be material, individually or in combination with other misstatements, will not be prevented or detected on a timely basis by the company's internal control. Control risk is a function of the effectiveness of the design and operation of internal control. Inherent risk and control risk are related to the company, its environment, and its internal control, and the auditor assesses those risks based on evidence he or she obtains. The auditor assesses inherent risk using information obtained from performing risk assessment procedures and considering the characteristics of the accounts and disclosures in the financial statements. The auditor assesses control risk using evidence

obtained from tests of controls and from other sources. There is an inverse relationship between RMM and detection risk which is the risk that auditors will not detect a misstatement. If RMM increases, this means that the auditor will do more substantive testing and this leads to a decrease of the detection risk. If RMM decreases, this means the auditor will not do as much testing and the detection risk will increase because limited testing will increase the chances of the auditor missing something. Limitations of the Audit Risk Model Standard setters developed the audit risk model as a planning tool. However, the model has a number of limitations that must be considered by auditors and their firms when the model is used to revise an audit plan or to evaluate audit results. In those instances, the actual or achieved level of audit risk may be smaller or greater than the audit risk indicated by the formula. This can occur because the auditor assesses the risk of material misstatement and such an assessment may be higher or lower than the actual risk of material misstatement that exists for the client. Inaccurate assessments are likely to result in a flawed determination of detection risk. Thus, the desired level of audit risk may not actually be achieved. In addition, the audit risk model also does not specifically consider non sampling risk. The audit risk model has some limitations that make its actual implementation difficult. CPA firms in determining their approach to implementing the model have considered the following limitations: Inherent risk is difficult to formally assess. Some transactions are more susceptible to error, but it is difficult to assess that level of risk independent of the clients accounting system. Audit risk is judgmentally determined. Many auditors set audit risk at a nominal level, such as 5%. However, no firm could survive if 5% of its audits were in error. Audit risk on most engagements is much lower than 5% because of conservative assumptions that take place when inherent risk is assessed at the maximum. Setting inherent risk at 100% implies that every transaction is initially recorded in error. It is very rare that every transaction would be in error. Because such a conservative assessment leads to more audit work, the real level of audit risk will be significantly less than 5%. The model treats each risk component as separate and independent when in fact the components are not independent. It is difficult to separate an organizations internal controls and inherent risk. Audit technology is not so precisely developed that each component of the model can be accurately assessed. Auditing is based on testing; precise estimates of the models components are not possible. Auditors can, however, make subjective assessments and use the audit risk model as a guide. The model is not particularly useful for helping auditors determine the necessary control testing for issuing an opinion on the effectiveness of internal controls as is be required in an integrated audit. While the audit risk model has limitations, it serves as an important tool that auditors can use for planning an audit engagement. Historical Perspective of the Model in GAAS The audit risk model is codified in GAAS in SAS No. 47. The ASB issued SAS No. 47 in 1983, and it was amended in 1997 by SAS No.82, Consideration of Fraud in a Financial Statement Audit. Prior to SAS No. 47, many auditors employed some of the models concepts in practice, albeit they were not explicitly codified and embedded in GAAS. There is, however, no clear record of exactly what practice was in this area prior to SAS No. 47. Generally, it is believed that, while auditors judgments entered into the audit process, many auditors employed procedural approaches that were not fully supported by strict conceptual underpinnings. In other words, audits tended to be conducted using a variety of substantive testing approaches with less reliance on judgments about risk. Testing of internal control, primarily by

testing individual transactions, was common and sometimes extensive. Since 1984, auditors have been required to follow SAS No. 47; in other words, they have been required to employ the audit risk model. Notwithstanding this requirement, anecdotal and other evidence indicates that many (but by no means all) audits continue to be performed using substantive testing approaches with little or no attention paid to the results of the risk assessments called for by the model. This phenomenon perhaps is facilitated by the fact that the model permits defaulting to an assumption that risks are at a maximum level. Based on the auditors assessment of various risks and any tests of controls, the auditor makes judgments about the kinds of evidence (from sources that are internal or external to the clients organization) needed to achieve reasonable assurance. On the one hand, GAAS set forth numerous requirements or matters that auditors should consider when exercising audit judgment. IAASB The IAASB believes the Audit Risk Standards will increase audit quality as a result of better risk assessments through a more detailed understanding of the entity and its environment, including its internal control, and improved design and performance of audit procedures to respond to assessed risks of material misstatements. The improved linkage of audit procedures and assessed risks is expected to result in a greater concentration of audit effort on areas where there is a greater risk of material misstatement. The approved Standards are: ISA 500 (Revised), Audit Evidence, ISA 315, Understanding the Entity and its Environment and Assessing the Risks of Material Misstatement, ISA 330, The Auditor's Procedures in Response to Assessed Risks, An addition to ISA 200, Objective and General Principles Governing an Audit of Financial Statements The approved Standards replace the following existing ISAs: ISA 310, Knowledge of the Business, ISA 400, Risk Assessments and Internal Control, ISA 401, Auditing in a Computer Information Systems Environment The scope of each of the Audit Risk Standards is reflected in the introduction to the Standard, Addition to ISA 200 - Explains the basic audit risk model, ISA 500 (Revised) - Standards and guidance on what constitutes audit evidence, the sufficiency and appropriateness of audit evidence obtained the auditor's use of assertions, and the auditor's procedures for obtaining audit evidence, ISA 315 - Standards and guidance on obtaining an understanding of the entity and its environment, including its internal control, and on assessing risks of material misstatement, ISA 330 - Standards and guidance on determining overall responses to assessed risks at the financial statement level and on designing and performing further audit procedures to respond to assessed risks of material misstatements at the assertions level.

Consideration of Fraud Introduction

In criminal law, a fraud is an intentional deception made for personal gain or to damage another individual; the related adjective is fraudulent. The specific legal definition varies by legal jurisdiction. Fraud is a crime, and also a civil law violation. Defrauding people or entities of money or valuables is a common purpose of fraud, but there have also been fraudulent "discoveries", e.g., in science, to gain prestige rather than immediate monetary gain. Common law fraud has nine elements:

1. a representation of an existing fact; 2. its materiality; 3. its falsity; 4. the speaker's knowledge of its falsity; 5. the speaker's intent that it shall be acted upon by the plaintiff; 6. plaintiff's ignorance of its falsity; 7. plaintiff's reliance on the truth of the representation; 8. plaintiff's right to rely upon it; and 9. consequent damages suffered by plaintiff. Most jurisdictions in the United States require that each element be pled with particularity and be proved with clear, cogent, and convincing evidence (very probable evidence) to establish a claim of fraud. The measure of damages in fraud cases is to be computed by the "benefit of bargain" rule, which is the difference between the value of the property had it been as represented, and its actual value. Special damages may be allowed if shown proximately caused by defendant's fraud and the damage amounts are proved with specificity. Fraud deterrence has gained public recognition and spotlight since the 2002 inception of the SarbanesOxley Act. Of the many reforms enacted through Sarbanes-Oxley, one major goal was to regain public confidence in the reliability of financial markets in the wake of corporate scandals such as Enron, WorldCom and Waste Management. Section 404 of Sarbanes Oxley mandated that public companies have an independent Audit of internal controls over financial reporting. In essence, the intent of the U.S. Congress in passing the Sarbanes Oxley Act was attempting to proactively deter financial misrepresentation (Fraud) in order to ensure more accurate financial reporting to increase investor confidence. This same concept is applied in the discussion of fraud deterrence. Until recently, fraud deterrence has not been specifically identified under one common definition. While it has been discussed by many authoritative sources such as the American Institute of Certified Public Accountants (AICPA) Practice Aid Series, Fraud Detection in a GAAS Audit: SAS No. 99 Implementation Guide, (explicitly) The Committee of Sponsoring Organizations of the Treadway Commission (COSO), Internal Control Integrated Framework, (implicitly) and the National Association of Certified Valuation Analysts Certified Fraud Deterrence Analyst (CFD) designation (recently merged into the Certified Forensic Financial Analyst (CFFA) designation), an actual definition of the term fraud deterrence has been difficult to find. Definition Fraud deterrence is the proactive identification and removal of the causal and enabling factors of fraud. Fraud deterrence is based on the premise that fraud is not a random occurrence; fraud occurs where the conditions are right for it to occur. Fraud deterrence attacks the root causes and enablers of fraud; this analysis could reveal potential fraud opportunities in the process, but is performed on the premise that improving organizational procedures to reduce or eliminate the causal factors of fraud is the single best defense against fraud. Fraud deterrence involves both short term (procedural) and long term (cultural) initiatives.

Fraud deterrence is not earlier fraud detection, and this is often a confusing point. Fraud detection involves a review of historical transactions to identify indicators of a non-conforming transaction. Deterrence involves an analysis of the conditions and procedures that affect fraud enablers, in essence, looking at what could happen in the future given the process definitions in place, and the people operating that process. Deterrence is a preventive measure reducing input factors (Cendrowski, Martin, Petro, The Handbook of Fraud Deterrence). Analogy Deterrence is distinct from remediation and detection. An analogy can be drawn in considering unhealthy weight gain and the actions undertaken in response. Identifying the action(s) that deter unhealthy weight gain is the key to understanding fraud deterrence in this analogy. 1. Working Out = Remediation A person has already gained weight Lessen the amount of weight gain by working out immediately after noticed gain The longer the weight gain goes unnoticed, the more overweight they will become 2. Scale = Early Detection Scale is used to detect weight gain, before it is visibly noticeable Detects nothing unless weight is increasing When the scale reads a higher number, the weight has already been gained 3. Removal of Causal Factors = Deterrence Removal of unhealthy food in diet Removal of habits that perpetuate obesity (i.e. inactivity) Increasing awareness of obesity risks (e.g. health classes in primary education) Deterrence vs. Prevention Deterrence involves eliminating factors that may cause fraud. Fraud Triangle The causal factors that should be removed to deter fraud (as described above) are best described in the Fraud Triangle. The Fraud Triangle describes three factors that are present in every situation of fraud: 1. Motive (or pressure) the need for committing fraud (need for money, etc.); 2. Rationalization the mindset of the fraudster that justifies them to commit fraud; and 3. Opportunity the situation that enables fraud to occur (often when internal controls are weak or nonexistent). Breaking the Fraud Triangle Breaking the Fraud Triangle is the key to fraud deterrence. Breaking the Fraud Triangle implies that an organization must remove one of the elements in the fraud triangle in order to reduce the likelihood of fraudulent activities. Of the three elements, removal of Opportunity is most directly affected by the

system of internal controls and generally provides the most actionable route to deterrence of fraud (Cendrowski, Martin, Petro, The Handbook of Fraud Deterrence). SAS 99 Statement on Auditing Standards No. 99 (SAS 99), Consideration of Fraud in a Financial Statement Audit, was the first major audit standard to be released since the passage of Sarbanes-Oxley (AICPA, Detection in a GAAS Audit: SAS No. 99 Implementation Guide). While the standard was intended to assist auditors in detecting fraud during a financial statement audit, its application was more pervasive. SAS No. 99 has the potential to significantly improve audit quality, not just in detecting fraud, but in detecting all material misstatements and improving the quality of the financial reporting process (AICPA, Fraud Detection in a GAAS Audit: SAS No. 99 Implementation Guide). The SAS 99 Practice Aid discusses fraud deterrence in addition to its primary focus of fraud detection, Because fraud prevention, detection, deterrence are managements responsibility, the new fraud SAS now requires you to determine whether management has designed programs and controls that address identified risks of material misstatement due to fraud and whether those programs and controls have been placed in operation (AICPA, Detection in a GAAS Audit: SAS No. 99 Implementation Guide). In essence, the AICPA has identified that fraud deterrence can be achieved through the implementation of controls and procedures that mitigate (Mitigating Controls) against areas already identified as risk areas. The COSO Model The COSO Internal Control Integrated Framework, (COSO Model) describes five interrelated components of internal control that provide the foundation for fraud deterrence. These elements of internal control are the means for which the Opportunity factors in the Fraud Triangle can be removed to most effectively limit instances of fraud. In fact, The Association of Certified Fraud Examiners (ACFE) 2002 Report to the Nation on Occupational Fraud and Abuse reveals that 46.2% of frauds occur because the victim lacked sufficient controls to prevent the fraud. The five COSO components are: 1. Control Environment The Control environment consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors and owners of an entity about internal control and its importance to the entity. Some subcomponents of the Control environment include: integrity and ethical values; commitment to competence; board of directors or Audit committee participation; managements philosophy and operating style; organizational structure; assignment of authority and responsibility; and human resource policies and practices (Arens, Elder, Beasley, Auditing and Assurance Services). 2. Risk Assessment Risk Assessment is a forward looking survey of the business environment to identify anything that could prevent the accomplishment of organizational objectives. As it relates to fraud deterrence, risk assessment involves the identification of internal and external means that could potentially defeat the organizations internal control structure, compromise an asset, and conceal the actions from management. Risk

assessment is a creative process; it involves identifying as many potential threats as possible, and evaluating them in a way to determine which require action, and the priority for that action (Cendrowski, Martin, Petro, The Handbook of Fraud Deterrence). 3. Control Activities Policies and procedures, in addition to those included in the other four components, that help ensure that necessary actions are taken to address risks in the achievement of the entitys objectives (Arens, Elder, Beasley, Auditing and Assurance Services). "Control procedures are also a prime focus area for fraud deterrence engagements; if control procedures are not adequately defined and consistently enforced within the organization, the opportunity for fraud is introduced (Cendrowski, Martin, Petro, The Handbook of Fraud Deterrence). For asset protection, this typically involves identifying assets within the organization that would be susceptible to fraud, and defining control procedures such that the assets cannot be removed and the removal concealed. Fraud deterrence involves proactively examining these control procedures to verify they are adequately designed and actually functioning within the organization (Cendrowski, Martin, Petro, The Handbook of Fraud Deterrence). Control activities generally fall into the five following specific control activities: 1) adequate separation of duties; 2) proper authorization of transactions and activities; 3) adequate documents and records; 4) physical control over assets and records; and 5) independent checks on performance (Arens, Elder, Beasley, Auditing and Assurance Services). 4. Information & Communication Information and Communication relates to the flow of information in two directions within the organization. First, information should flow downward to the line functions and provide the best, most accurate information as needed to allow the function to produce the best results possible. Second, information about performance should flow upwards through management, through both formal and informal communication channels, providing objective feedback. Both communication channels must function effectively to safeguard the organization (Cendrowski, Martin, Petro, The Handbook of Fraud Deterrence). 5. Monitoring Monitoring activities deal with ongoing or periodic assessment of the quality of internal control performance by management to determine that controls are operating as intended and that they are modified as appropriate for changes in conditions (Arens, Elder, Beasley, Auditing and Assurance Services). Monitoring involves both fraud deterrence and fraud detection activities. First, management(what if some in the management are the perpetrators of fraud) must ensure that all control processes are performed as designed and approved. Control compliance analysis to verify correct performance of procedures could reveal a control that has been inappropriately modified or one that is not performed as approved; this control weakness could present the opportunity for fraud. Proactively identifying these weaknesses and correcting the weakness is this is the fraud deterrence aspect of the monitoring process (Cendrowski, Martin, Petro, The Handbook of Fraud Deterrence).

SarbanesOxley Section 404: Assessment of internal control

The most contentious aspect of SOX is Section 404, which requires management and the external auditor to report on the adequacy of the company's internal control on financial reporting (ICFR). This is the most costly aspect of the legislation for companies to implement, as documenting and testing important financial manual and automated controls requires enormous effort. Under Section 404 of the Act, management is required to produce an "internal control report" as part of each annual Exchange Act report. The report must affirm "the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting." The report must also "contain an assessment, as of the end of the most recent fiscal year of the Company, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting." To do this, managers are generally adopting an internal control framework such as that described in COSO. To help alleviate the high costs of compliance, guidance and practice have continued to evolve. The Public Company Accounting Oversight Board (PCAOB) approved Auditing Standard No. 5 for public accounting firms on July 25, 2007. This standard superseded Auditing Standard No. 2, the initial guidance provided in 2004. The SEC also released its interpretive guidance on June 27, 2007. It is generally consistent with the PCAOB's guidance, but intended to provide guidance for management. Both management and the external auditor are responsible for performing their assessment in the context of a top-down risk assessment, which requires management to base both the scope of its assessment and evidence gathered on risk. This gives management wider discretion in its assessment approach. These two standards together require management to:

Assess both the design and operating effectiveness of selected internal controls related to significant accounts and relevant assertions, in the context of material misstatement risks; Understand the flow of transactions, including IT aspects, in sufficient detail to identify points at which a misstatement could arise; Evaluate company-level (entity-level) controls, which correspond to the components of the COSO framework; Perform a fraud risk assessment; Evaluate controls designed to prevent or detect fraud, including management override of controls; Evaluate controls over the period-end financial reporting process; Scale the assessment based on the size and complexity of the company; Rely on management's work based on factors such as competency, objectivity, and risk; Conclude on the adequacy of internal control over financial reporting.

SOX 404 compliance costs represent a tax on inefficiency, encouraging companies to centralize and automate their financial reporting systems. This is apparent in the comparative costs of companies with

decentralized operations and systems, versus those with centralized, more efficient systems. For example, the 2007 Financial Executives International (FEI) survey indicated average compliance costs for decentralized companies were $1.9 million, while centralized company costs were $1.3 million. Costs of evaluating manual control procedures are dramatically reduced through automation.

SOX 404 topdown risk assessment

In financial auditing of public companies in the United States, SOX 404 topdown risk assessment (TDRA) is a financial risk assessment performed to comply with Section 404 of the SarbanesOxley Act of 2002 (SOX 404). The term is used by the U.S. Public Company Accounting Oversight Board(PCAOB) and the Securities and Exchange Commission (SEC). The TDRA is used to determine the scope and required evidence to support management's testing of its internal controls under SOX404. It is also used by the external auditor to issue a formal opinion on the company's internal controls. However, as a result of the passage of Auditing Standard No. 5, which the SEC has since approved, external auditors are no longer required to provide an opinion on management's assessment of its own internal controls. Detailed guidance about performing the TDRA is included with PCAOB Auditing Standard No. 5 (Release 2007-005 "An audit of internal control over financial reporting that is integrated with an audit of financial statements")[1] and the SEC's interpretive guidance (Release 33-8810/34-55929) "Management's Report on Internal Control Over Financial Reporting").[2][3] This guidance is applicable for 2007 assessments for companies with 12/31fiscal year-ends. The PCAOB release superseded the existing PCAOB Auditing Standard No. 2, while the SEC guidance is the first detailed guidance for management specifically. The language used by the SEC chairman in announcing the new guidance was very direct: "Congress never intended that the 404 process should become inflexible, burdensome, and wasteful. The objective of Section 404 is to provide meaningful disclosure to investors about the effectiveness of a companys internal controls systems, without creating unnecessary compliance burdens or wasting shareholder resources. [4] Based on this statement and the new guidance, it appears the SEC and PCAOB expect a significant reduction in costs associated with SOX 404 compliance, by focusing efforts on higher-risk areas and reducing efforts in lower-risk areas. TDRA is a hierarchical framework that involves applying specific risk factors to determine the scope and evidence required in the assessment of internal control. Both the PCAOB and SEC guidance contain similar frameworks. At each step, qualitative or quantitative risk factors are used to focus the scope of the SOX404 assessment effort and determine the evidence required. Key steps include: 1. 2. 3. 4. identifying significant financial reporting elements (accounts or disclosures) identifying material financial statement risks within these accounts or disclosures determining which entity-level controls would address these risks with sufficient precision determining which transaction-level controls would address these risks in the absence of precise entity-level controls

5. determining the nature, extent, and timing of evidence gathered to complete the assessment of inscope controls Management is required to document how it has interpreted and applied its TDRA to arrive at the scope of controls tested. In addition, the sufficiency of evidence required (i.e., the timing, nature, and extent of control testing) is based upon management (and the auditor's) TDRA. As such, TDRA has significant compliance cost implications for SOX404. Method The guidance is principles-based, providing significant flexibility in the TDRA approach. There are two major steps: 1) Determining the scope of controls to include in testing; and 2) Determining the nature, timing and extent of testing procedures to perform. [edit]Determining scope The key SEC principle related to establishing the scope of controls for testing may be stated as follows: "Focus on controls that adequately address the risk of material misstatement." This involves the following steps: [edit]Determine significance and misstatement risk for financial reporting elements (accounts and disclosures) Under the PCAOB AS 5 guidance, the auditor is required to determine whether an account is "significant" or not (i.e., yes or no), based on a series of risk factors related to the likelihood of financial statement error and magnitude (dollar value) of the account. Significant accounts and disclosures are in-scope for assessment, so management typically includes this information in its documentation and generally performs this analysis for review by the auditor. This documentation may be referred to in practice as the "significant account analysis." Accounts with large balances are generally presumed to be significant (i.e., in-scope) and require some type of testing. New under the SEC guidance is the concept of also rating each significant account for "misstatement risk" (low, medium, or high), based on similar factors used to determine significance. The misstatement risk ranking is a key factor used to determine the nature, timing, and extent of evidence to be obtained. As risk increases, the expected sufficiency of testing evidence accumulated for controls related to significant accounts increases (see section below regarding testing & evidence decisions). Both significance and misstatement risk are inherent risk concepts, meaning that the conclusions are determined excluding the effectiveness of controls. Control effectiveness theoretically applies to testing and evidence decisions, not account scope decisions. [edit]Identify financial reporting objectives Objectives help set the context and boundaries in which risk assessment occurs. The COSO Internal Control-Integrated Framework, a standard of internal control widely used for SOX compliance, states: "A precondition to risk assessment is the establishment of objectives..." and "Risk assessment is the identification and analysis of relevant risks to achievement of the objectives." The SOX guidance states

several hierarchical levels at which risk assessment may occur, such as entity, account, assertion, process, and transaction class. Objectives, risks, and controls may be analyzed at each of these levels. The concept of a top-down risk assessment means considering the higher-levels of the framework first, to filter from consideration as much of the lower-level assessment activity as possible. Management first develops listings of entity-wide control objectives. An example is: "Employees are aware of the Company's Code of Conduct." The COSO 1992/1994 Framework defines each of the five components of internal control (i.e., Control Environment, Risk Assessment, Information & Communication, Monitoring, and Control Activities). Evaluation suggestions are included at the end of key chapters and in the "Evaluation Tools" volume; these can be modified into objective statements. Next, management develops listings of assertion-level control objectives related to the in-scope (significant) accounts. An example of an assertion-level objective is "Revenue is recognized only upon the delivery of products and services." Lists of assertion-level control objectives are available in most financial auditing textbooks and require tailoring to the organization. Excellent examples are also available in AICPA Statement on Auditing Standards No. 110 (SAS 110) [5] for the inventory process. SAS 106 includes the latest guidance on financial statement assertions.[6] [edit]Identify material risks to the achievement of the objectives Those risks that inherently have a "reasonably possible" likelihood of causing a material error in the account balance or disclosure are the material misstatement risks ("MMR"). Note that this is a slight amendment to the "more than remote" likelihood language of PCAOB AS2, intended to limit the scope to fewer, more critical material risks and related controls. Management develops a listing of MMR, linked to the specific accounts and control objectives developed above. MMR may be identified by asking the question: "What can go wrong related to the account, assertion or objective?" MMR may arise within the accounting function (e.g., regarding estimates, judgments, and policy decisions) or the internal and external environment (e.g., corporate departments that feed the accounting department information, economic and stock market variables, etc.) Communication interfaces, changes (people, process or systems), fraud vulnerability, management override of controls, incentive structure, complex transactions, and degree of judgment or human intervention involved in processing are other high-risk topics. In general, management considers questions such as: What is really difficult to get right? What accounting problems have we had in the past? What has changed? Who might be capable or motivated to commit fraud or fraudulent financial reporting? As a high percentage of financial frauds historically have involved the overstatement of revenue, such accounts typically merit additional attention. AICPA Statement on Auditing Standards No. 109 (SAS 109)[7] also provides helpful guidance regarding financial risk assessment. Under the 2007 guidance, companies are required to perform a fraud risk assessment and assess related controls. This typically involves identifying scenarios in which theft or loss could occur and determining if existing control procedures effectively manage the risk to an acceptable level.[8] The risk that senior management might override important financial controls to manipulate financial reporting is also a key area of focus in the fraud risk assessment.[9]

In practice, many companies combine the objective and risk statements when describing MMR. These MMR statements serve as a target, focusing efforts to identify mitigating controls. [edit]Identify controls that address the material misstatement risks (MMR) For each MMR, management determines which controls address the risk sufficiently and precisely enough to mitigate it. The word "mitigate" in this context means the control (or controls) reduces the likelihood of material error presented by the MMR to a "remote" probability. Even though multiple controls may bear on the risk, only those that address it as defined above are included in the assessment. In practice, these are called the "in-scope" or "key" controls. Judgment is typically the best guide for selecting the most important controls relative to a particular risk for testing. PCAOB AS5 introduces a three-level framework describing entity-level controls at varying levels of precision (direct, monitoring, and indirect.) As a practical matter, control precision by type of control, in order of most precise to least, may be interpreted as: 1. Transaction-specific (non-entity level) Review (or preventive system controls) related to specific, individual transactions; 2. Transaction summary (non-entity level) Review of reports listing individual transactions; 3. Period-end reporting Journal entry review, account reconciliations or detailed account analysis; 4. Direct monitoring Thorough review of summarized financial and operational information, or checklists verifying more detailed control procedures were completed (i.e., controls that monitor execution of other controls); and 5. Indirect Entity-level controls that are not linked to specific transactions, such as the control environment. It is increasingly difficult to argue that reliance upon controls is reasonable in achieving assertion-level objectives as one travels along this continuum from most precise to least, and as risk increases. A combination of type 3 & 4 controls above (direct entity-level) may help reduce the number of type 1 & 2 controls (transactional) that require assessment for particular risks, especially in lower-risk, transactionintensive processes. Under the 2007 guidance, it appears acceptable to place significantly more reliance on the period-end controls (i.e., review of journal entries and account reconciliations) than in the past, effectively addressing many of the material misstatement risks and enabling either: a) the elimination of a significant number of transactional controls from the prior-year's scope of testing; or b) reducing related evidence obtained. The number of transaction-level controls may be reduced significantly, particularly for lower-risk accounts. [edit]Considerations in testing and evidence decisions The key SEC principle regarding evidence decisions can be summarized as follows: "Align the nature, timing and extent of evaluation procedures on those areas that pose the greatest risks to reliable financial reporting." The SEC has indicated that the sufficiency of evidence required to support the assessment of specific MMR should be based on two factors: a) Financial Element Misstatement Risk ("Misstatement Risk") and b) Control Failure Risk. These two concepts together (the account- or disclosure-related risks and control-related risks) are called "Internal Control over Financial Reporting Risk" or "ICFR" risk. A

table was included in the guidance to illustrate this concept; it is the only such table, which indicates the emphasis placed on it by the SEC. ICFR risk should be associated with the in-scope controls identified above and may be part of that analysis. This involves the following steps: Link each key control to the "Misstatement Risk" of the related account or disclosure Management identified the misstatement risk for each significant account and disclosure as part of the scoping assessment above. The low, medium, or high ranking assessed should be associated with the controls related to the account. One way of accomplishing this would be to include the ranking within the control inventory or control matrix documents of the company. [edit]Rate each key control for "control failure risk (CFR)" and "ICFR risk" CFR is applied at the individual control level, based on factors in the guidance related to complexity of processing, manual vs. automated nature of the control, judgment involved, etc. Management fundamentally asks the question: "How difficult is it to execute this control properly each and every time?" With account misstatement risk and CFR defined, management can then conclude on ICFR risk (low, medium, or high) for the control. ICFR is the key risk concept used in evidence decisions. [edit]Consider the impact of risk on the timing, nature, and extent of testing The guidance provides flexibility in the timing, nature and extent of evidence based on the interaction of Misstatement Risk and Control Failure Risk (together, ICFR Risk). These two factors should be used to update the "Sampling and Evidence Guide" used by most companies. As these two risk factors increase, the sufficiency of evidence required to address each MMR increases. Management has significant flexibility regarding the following testing and evidence considerations, in the context of the ICFR risk related to a given control:

Extent (sample size): The sample size increases proportional to ICFR risk. Nature of evidence: Inquiry, observation, inspection and re-performance are the four evidence types, listed in order of sufficiency. Evidence beyond inquiry, typically inspection of documents, is required for tests of control operating effectiveness. Re-performance evidence would be expected for the highest risk controls, such as in the period-end reporting process. Nature of the control (manual vs. automated): For fully automated controls, either a sample size of one or a "benchmarking" test strategy may be used. If IT general controls related to change management are effective and the fully automated control has been tested in the past, annual testing is not required. The benchmark must be periodically established. Scope of roll-forward testing required: As risk increases, roll-forward testing is increasingly likely to be necessary to extend the effect of interim testing to year-end. Lower-risk controls presumably do not require roll-forward testing.

Pervasive factors that also affect the evidence considerations above include:

Overall strength of entity-level controls, particularly the control environment: Strong entity-level controls act as a pervasive "counter-weight" to risk across the board, reducing the sufficiency of evidence required in lower-risk areas and supporting the spirit of the new guidance in terms of reducing overall effort. Cumulative knowledge from prior assessments regarding particular controls: If particular processes and controls have a history of working effectively, the extent of evidence required in lower-risk areas can be reduced.

Consider risk, objectivity, and competence in testing decisions Management has significant discretion in who performs its testing. The SEC guidance indicates that the objectivity of the person testing a given control should increase proportionally to the ICFR risk related to that control. Therefore, techniques such as self-assessment are appropriate for lower-risk areas, while internal auditors (or the equivalent) generally should test higher-risk areas. An intermediate technique in practice is "quality assurance," where manager A tests manager B's work, and vice-versa. The external auditors ability to rely on management's testing follows similar logic. Reliance is proportional to the competence and objectivity of the management person that completed the testing, also in the context of risk. For the highest risk areas, such as the control environment and period-end reporting process, internal auditors or compliance teams are likely the best choices to perform testing, if a significant degree of reliance is expected from the external auditor. The ability of the external auditor to rely on management's assessment is a major cost factor in compliance. [edit]Strategies for efficient SOX 404 assessment There are a variety of specific opportunities to make the SOX 404 assessment as efficient as possible.[10][11] Some are more long-term in nature (such as centralization and automation of processing) while others can be readily implemented. Frequent interaction between management and the external auditor is essential to determining which efficiency strategies will be effective in each company's particular circumstances and the extent to which control scope reduction is appropriate. [edit]Centralization and automation Centralize: Using a shared service model in key risk areas enables multiple locations to be treated as one for testing purposes. Shared service models are typically used for payroll and accounts payable processes, but can be applied to many types of transaction processing. According to a recent survey by Finance Executives International, decentralized companies had dramatically higher SOX compliance costs than centralized companies.[12] Automate and benchmark: Key fully automated IT application controls have minimal sample size requirements (usually one, as opposed to as many as 30 for manual controls) and may not have to be tested directly at all under the benchmarking concept. Benchmarking (see Appendix B of the PCAOB guidance) allows fully automated IT application controls to be excluded from testing if certain IT change management controls are effective. For example, many companies rely heavily on manual interfaces between systems, with spreadsheets created for downloading and uploading manual journal entries. Some

companies process thousands of such entries each month. By automating manual journal entries, both labor and SOX assessment costs may be dramatically reduced. In addition, the reliability of financial statements is improved. [edit]Overall assessment approach Review testing approach and documentation: Many companies or external audit firms mistakenly attempted to impose generic frameworks over unique transaction-level processes or across locations. For instance, most of the COSO Framework elements represent indirect entity-level controls, which should be tested separately from transactional processes. In addition, IT security controls (a subset of ITGC) and shared service controls can be placed in separate process documentation, enabling more efficient assignment of test responsibility and removing redundancy across locations. Testing the key journal entries and account reconciliations as separate efforts enables additional efficiency and focus to be brought to these critical controls. Rely on direct entity-level controls: The guidance emphasizes identifying which direct entity-level controls, particularly the period-end process and certain monitoring controls, are sufficiently precise to remove assertion-level (transactional) controls from scope. The key is to determine which combination of entity-level and assertion-level controls address particular MMR. Minimize roll-forward testing: Management has more flexibility under the new guidance to extend the effective date of testing performed during mid-year ("interim") periods to the year-end date. Only the higher risk controls will likely require roll-forward testing under the new guidance. PCAOB AS5 indicates that inquiry procedures, regarding whether changes in the control process occurred between the interim and year-end period, may be sufficient in many cases to limit roll-forward testing. Revisit scope of locations or business units assessed: This is a complex area requiring substantial judgment and analysis. The new guidance focuses on specific MMR, rather than dollar magnitude in determining the scope and sufficiency of evidence to be obtained at decentralized units. The interpretation (common under the previous guidance) that a unit or group of units is material and therefore a large number of controls across multiple processes require testing, has been superseded. Where account balances from single units or groups of similar units are a material portion of the consolidated account balance, management should carefully consider whether MMR may exist relative to these accounts only. Testing focused on just the controls related to the MMR should then be performed. Monitoring controls, such as detailed performance review meetings with robust reporting packages, should also be considered to limit transaction-specific testing. [edit]IT assessment approach Focus IT general control (ITGC) testing: ITGC are not included in the definition of entity-level controls under the SEC or PCAOB guidance. Therefore, ITGC testing should be performed to the extent it addresses specific MMR. By nature, ITGC enables management to place reliance on fully automated application controls (i.e., those that operate without human intervention) and IT-dependent controls (i.e., those that involve the review of automatically generated reports). Focused ITGC testing is merited to support the control objectives or assertions that fully automated controls have not been changed without authorization and that control reporting generated is both accurate and complete. Key ITGC focus areas

therefore likely to be critical include: change management procedures applied to specific financial system implementations during the period; change management procedures sufficient to support a benchmarking strategy; and periodic monitoring of application security, including separation of duties. Focus IT application control testing: There has never been a requirement to perform comprehensive IT application control testing (i.e., input-processing-output controls) for financial systems. Only the fully automated application controls identified as key to addressing specific MMR require testing; these may be benchmarked as discussed above. An example is an automated vendor master file control that ensures only valid vendor name and address combinations can be input during accounts payable invoice processing. As such controls are identified as key, they should be tested or benchmarked. There are typically several such key controls in each transactional process.

AUD 2 (Understanding the Entity and Its Environment) Questions

1. Which of the following payroll control activities would most effectively ensure that payment is made only for work performed? A) Require all employees to record arrival and departure by using the time clock. B) Have a payroll clerk recalculate all time cards. C) Require all employees to sign their time cards. D) Require employees to have their direct supervisors approve their time cards. 2. Which of the following factors is most likely to affect the extent of the documentation of the auditor's understanding of a client's system of internal controls? A) The industry and the business and regulatory environments in which the client operates. B) The degree to which information technology is used in the accounting function. C) The relationship between management, the board of directors, and external stakeholders. D) The degree to which the auditor intends to use internal audit personnel to perform substantive tests. 3. Green, CPA, is auditing the financial statements of Ajax Co. Ajax uses the DP Service Center to process its payroll. DP's financial statements are audited by Blue, CPA, who recently issued a report on DP's policies and procedures regarding the processing of other entity's transactions. In considering whether Blue's report is satisfactory for Green's purposes, Green should A) Make inquiries concerning Blue's professional reputation. B) Assess control risk at the maximum level. c) Review the audit programs followed by Blue. D) Perform tests of controls at the DP Service Center. 4. Which of the following procedures is considered a test of controls? A) An auditor reviews the entity's check register for unrecorded liabilities. B) An auditor evaluates whether a general journal entry was recorded at the proper amount.

C) An auditor interviews and observes appropriate personnel to determine segregation of duties. D) An auditor reviews the audit workpapers to ensure proper sign-off. 5. Which of the following activities performed by a department supervisor most likely would help in the prevention or detection of a payroll fraud? A) Distributing paychecks directly to department employees. B) Setting the pay rate for departmental employees. C) Hiring employees and authorizing them to be added to payroll. D) Approving a summary of hours each employee worked during the pay period. 6. An auditor is concerned about a policy of management override as a limitation of internal control. Which of the following tests would best assess the validity of the auditor's concern? A) Matching purchase orders to accounts payable. B) Verifying that approved spending limits are not exceeded. C) Tracing sales orders to the revenue account. D) Reviewing minutes of board meetings. 7. When an auditor plans to rely on controls that have changed since they were last tested, which of the following courses of action would be most appropriate? A) Test the operating effectiveness of such controls in the current audit. B) Document that reliance and proceed with the original audit strategy. C) Inquire of management as to the effectiveness of the controls. D) Report the reliance in the report on internal controls. 8. In which of the following circumstances would an auditor expect to find that an entity implemented automated controls to reduce risks of misstatement? A) When errors are difficult to predict. B) When misstatements are difficult to define. c) When large, unusual, or nonrecurring transactions require judgment. D) When transactions are high-volume and recurring. 9. Which of the following statements is correct concerning analytical procedures used in planning an audit engagement? A) They often replace the tests of controls that are performed to assess control risk. B) They usually use financial and nonfinancial data aggregated at a high level. C) They usually involve the comparison of assertions developed by management to ratios calculated by an auditor. D) They are often used to develop an auditor's preliminary judgment about materiality. 10. Which of the following statements is correct regarding internal control? A) A well-designed internal control environment ensures the achievement of an entity's control objectives. B) An inherent limitation to internal control is the fact that controls can be circumvented by management

override. C) A well-designed and operated internal control environment should detect collusion perpetrated by two people. D) Internal control is a necessary business function and should be designed and operated to detect all errors and fraud. 11. Which of the following analytical procedures most likely would be used during the planning stage of an audit? A) Comparing current-year to prior-year sales volumes. B) Reading the financial statements and notes and considering the adequacy of evidence. C) Comparing the current-year ratio of aggregate salaries paid to the number of employees to the prioryear's ratio. D) Reading the letter from the client's attorney and considering the threat of litigation. 12. Which of the following should an auditor do when control risk is assessed at the maximum level? A) Perform fewer substantive tests of details. B) Perform more tests of controls. C) Document the assessment. D) Document the control structure more extensively. 13. Which of the following is a definition of control risk? A) The risk that a material misstatement will not be prevented or detected on a timely basis by the client's internal controls. B) The risk that the auditor will not detect a material misstatement. C) The risk that the auditor's assessment of internal controls will be at less than the maximum level. D) The susceptibility of material misstatement assuming there are no related internal control, policies, or procedures. 14. Which of the following is not a component of internal control? A) Control environment. B) Control activities. C) Inherent risk. D) Monitoring. 15.Prior to, or in conjunction with, the information-gathering procedures for an audit, audit team members should discuss the potential for material misstatement due to fraud. Which of the following best characterizes the mind-set that the audit team should maintain during this discussion? A) Presumptive. B) Judgmental. C) Criticizing. D) Questioning.

16. Each of the following types of controls is considered to be an entity-level control, except those A) Relating to the control environment. B) Pertaining to the company's risk assessment process. C) Regarding the company's annual stockholder meeting. D) Addressing policies over significant risk management practices. 17. An auditor is auditing a mutual fund company that uses a transfer agent to handle accounting for shareholders. Which of the following actions by the auditor would be most efficient for obtaining information about the transfer agent's internal controls? A) Review reports on internal control placed in operation and its operating effectiveness produced by the agent's own auditor. B) Review prior-year workpapers to determine whether the number of transactions processed by the agent has materially increased. C) Perform an audit on the internal control function of the agent. D) Perform tests of controls on a sample of the audited firm's transactions through the agent. 18. An auditor is determining if internal control relative to the revenue cycle of a wholesaling entity is operating effectively in minimizing the failure to prepare sales invoices. The auditor most likely would select a sample of transactions from the population represented by the A) Cash receipts file. B) Shipping document file. C) Customer order file. D) Sales invoice file. 19. An audit client failed to maintain copies of its procedures manuals and organizational flowcharts. What should the auditor do in an audit of financial statements? A) Issue a qualified opinion on the basis of a scope limitation. B) Document the auditor's understanding of internal controls. C) Assess control risk at the maximum level. D) Restrict the auditor's responsibility to assess the effectiveness of controls in the audit engagement letter. 20. Evidence concerning the proper segregation of duties for receiving and depositing cash receipts ordinarily is obtained by A) Completing an internal control questionnaire that describes the control activities. B) Observing the employees who are performing the control activities. C) Performing substantive tests to verify the details of the bank balance. D) Preparing a flow chart of the duties performed and the entity's available personnel. 21. Which of the following best represents a key control for ensuring sales are properly authorized when accessing control risks for sales? A) The separation of duties between the billing department and the cash receipts approval department.

B) The use of an approved price list to determine unit selling price. C) Copies of approved sales orders sent to the shipping, billing, and accounting departments. D) Sales orders are sent to the credit department for approval. 22. A client maintains a large data center where access is limited to authorized employees. How may an auditor best determine the effectiveness of this control activity? A) Inspect the policy manual establishing this control activity. B) Ask the chief technology officer about known problems. C) Observe whether the data center is monitored. D) Obtain a list of current data center employees. 23. To provide assurance that each voucher is submitted and paid only once, an auditor most likely would examine a sample of paid vouchers and determine whether each voucher is A) Stamped paid by the check signer. B) Returned to the vouchers payable department. C) Supported by a vendor's invoice and purchase order. D) Prenumbered and accounted for. 24. Which of the following is an inherent limitation of internal controls? A) Judgmental sampling. B) Collusion. C) Segregation of duties. D) Employee peer review. 25. On receiving a client's bank cutoff statement, an auditor most likely would trace A) Prior year checks listed in the cutoff statement to the year end outstanding checklist. B) Deposits in transit listed in the cutoff statement to the year end bank reconciliation. C) Checks dated after year-end listed in the cutoff statement to the year end outstanding checklist. D) Deposits recorded in the cash receipts journal after year-end to the cutoff statement. 26. An auditor reviews the reconciliation of payroll tax forms that a client is responsible for filing in order to A) Verify that payroll taxes are deducted from employees gross pay. B) Determine whether internal control activities are operating effectively. C) Uncover fictitious employees who are receiving payroll checks. D) Identify potential liabilities for unpaid payroll taxes. 27. Which of the following factors should an auditor consider in making a judgment about whether an internal control deficiency is so significant that it is a reportable condition? I. Diversity of the entitys business. II. Size of the entitys operations. A) I only.

B) II only. C) Both I and II. D) Neither I nor II. 28. An auditor discovered that a clients accounts receivable turnover is substantially lower for the current year than for the prior year. This may indicate that A) Fictitious credit sales have been recorded during the year. B) Employees have stolen inventory just before the year end. C) The client recently tightened its credit-granting policies. D) An employee has been lapping receivables in both years. 29. Which of the following is the primary reason that many auditors hesitate to use embedded audit modules? A) Embedded audit modules cannot be protected from computer viruses. B) Auditors are required to monitor embedded audit modules continuously to obtain valid results. C) Embedded audit modules can easily be modified through management tampering. D) Auditors are required to be involved in the system design of the application to be monitored. 30. When an auditor increases the assessed level of control risk because certain control activities were determined to be ineffective, the auditor most likely would increase the A) Level of detection risk. B) Extent of tests of details. C) Level of inherent risk. D) Extent of tests of controls. 31. Which of the following audit techniques ordinarily would provide an auditor with the least assurance about the operating effectiveness of an internal control activity? A) Inquiry of client personnel. B) Inspection of documents and reports. C) Observation of client personnel. D) Preparation of system flowcharts. 32. To determine whether internal control relative to the revenue cycle of a wholesaling entity is operating effectively in minimizing the failure to prepare sales invoices, an auditor most likely would select a sample of transactions from the population represented by the A) Sales order file. B) Customer order file. C) Shipping document file. D) Sales invoice file. 33. Which of the following procedures represents a weakness in internal controls for payroll? A) The payroll clerk distributes signed payroll checks. Undistributed checks are returned to the payroll

department. B) The accounting department wires transfers funds to the payroll bank account. The transfer is based on totals from the payroll department summary. C) The payroll department prepares checks using a signature plate. The treasurer supervises the process before payroll checks are distributed. D) The payroll department prepares checks. The chief financial officer signs the payroll checks. 34. When an auditor is to conduct an audit of a service organization, what considerations should the auditor make in the planning stages regarding internal controls of the organization? A) The auditor should assess the control risk before obtaining an understanding of internal controls. B) The auditor should obtain an understanding of the entity's internal controls after performing substantive procedures. C) The auditor should obtain an understanding of the effect of the user organization upon the service organization. D) The auditor should be engaged to perform agreed-upon procedures. 35. A client that recently installed a new accounts payable system assigned employees a user identification code (UIC) and a separate password. Each UIC is a person's name, and the individual's password is the same as the UIC. Users are not required to change their passwords at initial log-in nor do passwords ever expire. Which of the following statements does not reflect a limitation of the client's computer-access control? A) Employees can easily guess fellow employees' passwords. B) Employees are not required to change passwords. C) Employees can circumvent procedures to segregate duties. D) Employees are not required to take regular vacations. 36. In an environment that is highly automated, an auditor determines that it is not possible to reduce detection risk solely by substantive tests of transactions. Under these circumstances, the auditor most likely would A) Perform tests of controls to support a lower level of assessed control risk. B) Increase the sample size to reduce sampling risk and detection risk. C) Adjust the materiality level and consider the effect on inherent risk. D) Apply analytical procedures and consider the effect on control risk. 37. Which of the following events occurring in the year under audit would most likely indicate that internal controls utilized in previous years may be inadequate in the year under audit? A) The entity announced that the internal audit function would be eliminated after the balance sheet date. B) The audit committee chairperson unexpectedly resigned during the year under audit. C) The chief financial officer waived approvals on all checks to one vendor to expedite payment. D) The frequency of accounts payable check runs was changed from biweekly to weekly.

38. An auditor observes the mailing of monthly statements to a client's customers and reviews evidence of follow-up on errors reported by the customers. This test of controls most likely is performed to support management's financial statement assertions of: Presentation and disclosure, Existence or occurrence A) Yes, Yes B) Yes, No C) No, Yes D) No, No 39. Which of the following factors would most likely be considered an inherent limitation to an entity's internal control? A) The complexity of the information processing system. B) Human judgment in the decision making process. C) The ineffectiveness of the board of directors. D) The lack of management incentives to improve the control environment. 40. Which of the following factors would least likely affect the extent of the auditor's consideration of the client's internal controls? A) The amount of time budgeted to complete the engagement. B) The size and complexity of the client. C) The nature of specific relevant controls. D) The auditors prior experience with client operations. 41. An auditor who uses a transaction cycle approach to assessing control risk most likely would test control activities related to transactions involving the sale of goods to customers with the A) Collection of receivables. B) Purchase of merchandise inventory. C) Payment of accounts payable. D) Sale of long-term debt. 42. Proper segregation of duties reduces the opportunities to allow any employee to be in a position to both A) Journalize cash receipts and disbursements and prepare the financial statements. B) Monitor internal controls and evaluate whether the controls are operating as intended. C) Adopt new accounting pronouncements and authorized the recording of transactions. D) Record and conceal fraudulent transactions in the normal course of assigned tasks. 43. Which of the following fraudulent activities most likely could be perpetrated due to the lack of effective internal controls in the revenue cycle? A) Merchandise received is not promptly reconciled to the outstanding purchase order file. B) Obsolete items included in inventory balances are rarely reduced to the lower of cost or market value. C) The write-off of receivables by personnel who receive cash permits the misappropriation of cash.

D) Fictitious transactions are recorded that cause an understatement of revenue and overstatement of receivables. 44. After testing a client's internal control activities, an auditor discovers a number of reportable conditions in the operation of a client's internal controls. Under these circumstances the auditor most likely would A) Issue a disclaimer of opinion about the internal controls as part of the auditor's report. B) Increase the assessment of control risk and increase the extent of substantive tests. C) Issue a qualified opinion of this finding as part of the auditor's report. D) Withdraw from the audit because the internal controls are ineffective. 45. Which of the following is an inherent limitation in internal control? A) Incompatible duties. B) Lack of segregation of duties. C) Faulty human judgment. D) Lack of an audit committee. 46. As a result of tests of controls, an auditor assesses control risk too high. This incorrect assessment most likely occurred because A) Control risk based on the auditor's sample is less than the true operating effectiveness of the client's control activity. B) The auditor believes that the control activity relates to the client's assertions when, in fact, it does not. c) The auditor believes that the control activity will reduce the extent of substantive testing when, in fact, it will not. D) Control risk based on the auditor's sample is greater than the true operating effectiveness of the client's control activity. 47. The ultimate purpose of assessing control risk is to contribute to the auditor's evaluation of the risk that A) Specific internal control activities are not operating as designed. B) The collective effect of the control environment may not achieve the control objectives. C) Tests of controls may fail to identify activities relevant to assertions. D) Material misstatements may exist in the financial statements. 48. What is the most likely course of action that an auditor would take after determining that performing substantive tests on inventory will take less time than performing tests of controls? A) Assess control risk at the minimum level. B) Perform both tests of controls and substantive tests on inventory. C) Perform only substantive tests on inventory. D) Perform only tests of controls on inventory.

1.D 2.B 3.A 4.C 5.D 6.B 7.A 8.D 9.B 10.B 11.A 12.C 13.A 14.C 15.D 16.C 17.A 18.B 19.B 20.B 21.D 22.C 23.A 24.B 25.A 27.C 28.A 29.D 30.B 31.D 32.C 33.A 34.C 35.D 36.A 37.C 38.C 39.B 40.A 41.A 42.D 43.C 44.B 45.C 46.D 47.D 48.C

Auditing and Attestation 3: Performing Audit Procedures and Evaluating Evidence Substantive Procedures
Substantive procedures (or substantive tests) are those activities performed by the auditor [1] to detect material misstatement or fraud at the assertion level. The different assertions of balances are:

completeness, existence, rights , obligations, valuation & allocation, and presentation & disclosure.

Those for transactions are:

occurrence (validity), completeness, accuracy, cut-off and classification.

Management implicitly assert that account balances and underlying classes of transaction do not contain any material misstatements: in other words, that they are materially complete, valid and accurate. Auditors gather evidence about these assertions by undertaking activities referred to as substantive procedures. Examples For example, an auditor may: physically examine inventory as evidence that inventory shown in the accounting records actually exists (existence assertion); inspect supporting documents like invoices to confirm that sales did occur (occurrence); arrange for suppliers to confirm in writing the details of the amount owing at balance date as evidence that accounts payable is a liability (rights and obligation assertion); and make inquires of management about the collectibility of customers' accounts as evidence that trade debtors are accurate as to its valuation. Evidence that an account balance or class of transaction is not complete, valid or accurate is evidence of a substantive misstatement but only becomes a material misstatement when it is large enough that it can be expected to influence the decisions of the users of the financial statement. If fictitious credit sales were recorded, and the fictitious accounts receivable were later directly written off as bad debt expense,

Income would not be misstated

If fictitious credit sales were recorded, and the fictitious accounts receivable were later directly written off as bad debt expense,

Income would not be misstated

Looking at vendors' invoices for particular information is an example of:

Inspection of documents

In testing the existence assertion for an asset, an auditor ordinarily works from the:

Accounting records to the supporting evidence.

In determining whether transactions have been recorded, the direction of the audit testing should be from the:

Original source documents.

In designing written audit plans, an auditor should establish specific audit objective that relate primarily to the:

Financial statement assertions.

Regardless of the assessed level of control risk, an auditor of a non public company would perform some:

Substantive tests to restrict detection risk for significant transactions classes.

The appropriate separation of duties does not include:

Data preparation

Explain why: operating income increased from the prior year although the entity was less profitable than in the prior year.

The effective income tax rate increased, as compared to the prior year.

Types of procedures There are two categories of substantive procedures - analytical procedures and tests of detail. Analytical procedures generally provide less reliable evidence than the tests of detail. Note also that analytical procedures are applied in several different audit stages, whereas tests of detail are only applied in the substantive testing stage.

AUD 3 (Performing Audit Procedures and Evaluating Evidence) Questions

1.Which of the following would be a consideration in planning a sample for a test of subsequent cash receipts? A) Preliminary judgments about materiality levels. B) The amount of bad debt write-offs in the prior year. C) The size of the intercompany receivable balance. D) The auditor's allowable risk of assessing control risk is too low. 2.An auditor's analytical procedures indicate a lower than expected return on an equity method investment. This situation most likely could have been caused by A) An error in recording amortization of the excess of the investor's cost over the investment's underlying book value. B) The investee's decision to reduce cash dividends declared per share of its common stock. C) An error in recording the unrealized gain from an increase in the fair value of available-for sale securities in the income account for trading securities. D) A substantial fluctuation in the price of the investee's common stock on a national stock exchange. 3.Under which of the following conditions may an auditor's observation procedure for inventory be performed during or after the end of the period under audit? A) When the client maintains periodic inventory records. B) When the auditor finds minimal variations in client records and test counts in prior periods. C) When total inventory has not varied more than 5% in the last five years.

D) When well-kept perpetual inventory records are checked by the client periodically by comparisons with physical counts. 4. Which of the following is a computer-assisted audit technique that permits an auditor to insert the auditor's version of a client's program to process data and compare the output with the client's output? A) Test data module. B) Frame relay protocol. C) Remote node router. D) Parallel simulation. 5. What is an auditor's primary method to corroborate information on litigation, claims, and assessments? A) Examining legal invoices sent by the client's attorney. B) Verifying attorney-client privilege through interviews. C) Reviewing the response from the client's lawyer to a letter of audit inquiry. D) Reviewing the written representation letter obtained from management. 6. Which of the following management roles would typically be acknowledged in a management representation letter? A) Management has the responsibility for the design of controls to detect fraud. B) Management communicates its views on ethical behavior to its employees. C) Management's knowledge of fraud is communicated to the audit committee. D) Management's compensation is contingent upon operating results. 7. Before reissuing a compilation report on the financial statements of a nonissuer for the prior year, the predecessor accountant is required to A) Make inquiries about actions taken at meetings of the board of directors during the current year. B) Verify that the reissued report will not be used to obtain credit from a financial institution. C) Review the successor accountant's working papers for matters affecting the prior year. D) Compare the prior year's financial statements with those of the current year. 8. Which of the following procedures would a CPA ordinarily perform when reviewing the financial statements of a nonissuer in accordance with Statements on Standards for Accounting and Review Services (SSARS)? A) Apply year-end cutoff tests for the sales and purchasing functions. B) Compare the financial statements with budgets or forecasts. C) Obtain an understanding of the entity's internal control components. D) Document whether control risk is assessed at or below the maximum level. 9. What type of evidence would provide the highest level of assurance in an attestation engagement? A) Evidence secured solely from within the entity. B) Evidence obtained from independent sources.

C) Evidence obtained indirectly. D) Evidence obtained from multiple internal inquiries. 10.Which of the following explanations best describes why an auditor may decide to reduce tests of details for a particular audit objective? A) The audit is being performed soon after the balance sheet date. B) Audit staff are experienced in performing the planned procedures. C) Analytical procedures have revealed no unusual or unexpected results. D) There were many transactions posted to the account during the period. 11. During the confirmation of accounts receivable, an auditor receives a confirmation via the client's fax machine. Which of the following actions should an auditor take? A) Not accept the confirmation and select another customer's balance to confirm. B) Not accept the confirmation and treat it as an exception. C) Accept the confirmation and file it in the working papers. D) Accept the confirmation but verify the source and content through a telephone call to the respondent. 12. Which of the following tests of details most likely would help an auditor determine whether accounts payable have been misstated? A) Examining reported purchase returns that appear too low. B) Examining vendor statements for amounts not reported as purchases. C) Searching for customer-returned goods that were not reported as returns. D) Reviewing bank transfers recorded as cash received from customers. 13. An audit client sells 15 to 20 units of product annually. A large portion of the annual sales occur in the last month of the fiscal year. Annual sales have not materially changed over the past five years. Which of the following approaches would be most effective concerning the timing of audit procedures for revenue? A) The auditor should perform analytical procedures at an interim date and discuss any changes in the level of sales with senior management. B) The auditor should inspect transactions occurring in the last month of the fiscal year and review the related sale contracts to determine that revenue was posted in the proper period. C) The auditor should perform tests of controls at an interim date to obtain audit evidence about the operational effectiveness of internal controls over sales. D) The auditor should review period-end compensation to determine if bonuses were paid to meet earnings goals. 14. An auditor should be aware of subsequent events that provide evidence concerning conditions that did not exist at year end but arose after year end. These events may be important to the auditor because they may A) Require adjustments to the financial statements as of the year end. B) Have been recorded based on preliminary accounting estimates.

C) Require disclosure to keep the financial statements from being misleading. D) Have been recorded based on year-end tests for asset obsolescence. 15. Which of the following disagreements between the auditor and management do not have to be communicated by the auditor to those charged with governance? A) Disagreements regarding management's judgment about accounting estimates for goodwill. B) Disagreements about the scope of the audit. C) Disagreements in the application of accounting principles relating to software development costs. D) Disagreements of the amount of the LIFO inventory layer based on preliminary information. 16. Which of the following is required of an accountant in reviewing a company's financial statements under Statements on Standards for Accounting and Review Services (SSARS)? A) Obtain knowledge of the client's industry. B) Send bank confirmations. C) Obtain a signed engagement letter from the client. D) Observe client's physical inventory. 17. Which of the following procedures should an accountant perform during an engagement to compile prospective financial statements? A) Test the entity's internal controls to determine if adequate controls exist so that financial projections can be reasonably achieved. B) Make inquiries prior to the date of the report about possible future transactions that may impact the forecast once the report is issued. C) Make inquiries about the accounting principles used in the preparation of the prospective financial statements. D) Compare the prospective financial statements with the entity's historical results for the prior year. 18. Which of the following statements is ordinarily correct about the sample size in statistical sampling when testing controls? A) The expected population deviation rate has little effect on determining the sample size. B) As the population size doubles, the sample size should also double. C) As the tolerable deviation rate increases, the sample size should also increase. D) The population size has little effect on the sample size. 19. In auditing contingent liabilities, which of the following procedures would an auditor most likely perform? A) Confirm the details of outstanding purchase orders. B) Apply analytical procedures to accounts payable. C) Read the minutes of the board of directors' meetings. D) Perform tests of controls on the cash disbursement activities.

20. A portion of a client's inventory is in public warehouses. Evidence of the existence of this merchandise can most efficiently be acquired through which of the following methods? A) Observation. B) Confirmation. C) Calculation. D) Inspection. 21. An auditor discovers that an account balance believed not to be materially misstated based on an audit sample was materially misstated based on the total population of the account balance. This is an example of which of the following sampling types of risks? A) Incorrect rejection. B) Incorrect acceptance. C) Assessing control risk too low. D) Assessing control risk too high. 22. Which of the following statements extracted from a client's lawyer's letter concerning litigation, claims, and assessments most likely would cause the auditor to request clarification? A) We believe that the possible liability to the company is nominal in amount. B) We believe that the action can be settled for less than the damages claimed. C) We believe that the plaintiff's case against the company is without merit. D) We believe that the company will be able to defend this action successfully. 23. Which of the following procedures would an auditor most likely perform to obtain evidence about the occurrence of subsequent events? A) Determine whether inventory ordered before the year end was included in the physical count. B) Inquire about payroll checks that were recorded before year end but cashed after year end. C) Investigate changes in capital stock recorded after year end. D) Review tax returns prepared by management after year end. 24. When an auditor decides to confirm accounts receivable balances rather than individual invoices, it most likely would be beneficial to include with the confirmations A) Copies of the client's shipping documents that support the account balances. B) Lists of the customers' recent payments that the client has already recorded. C) Client-prepared statements of account that show the details of the account balances. D) Copies of the customers' purchase orders that support the account balances. 25. The purpose of tracing a sample of inventory tags to a client's computerized listing of inventory items is to determine whether the inventory items A) Represented by tags were included on the listing. B) Included on the listing were properly counted. C) Represented by tags were reduced to the lower of cost or market. D) Included in the listing were properly valued.

26. An auditor has identified the controller's review of the bank reconciliation as a control to test. In connection with this test, the auditor interviews the controller to understand the specific data reviewed on the reconciliation. In addition, the auditor verifies that the bank reconciliation is properly prepared by the accountant and reviewed by the controller as evidenced by their respective sign-offs. Which of the following types of audit procedures do these actions illustrate? A) Observation and inspection of records. B) Confirmation and reperformance. C) Inquiry and inspection of records. D) Analytical procedures and reperformance. 27. Which of the following would be a consideration in planning an auditor's sample for a test of controls? A) Preliminary judgments about materiality levels. B) The auditor's allowable risk of assessing control risk is too high. C) The level of detection for the account. D) The auditor's allowable risk of assessing control risk is too low. 28. Which of the following procedures would an auditor most likely perform prior to the balance sheet date? A) Review subsequent events. B) Perform search for unrecorded liabilities. C) Send inquiry letter to client's legal counsel. D) Review detail and test significant travel and entertainment expenses. 29. Auditors try to identify predictable relationships when applying analytical procedures. Relationships involving transactions from which of the following accounts most likely would yield the highest level of evidence? A) Interest expense. B) Allowance for doubtful accounts. C) Accounts receivable. D) Accounts payable 30. Which of the following procedures would an auditor most likely perform regarding litigation? A) Confirm directly with the clerk of the court that the client's litigation is properly disclosed. B) Discuss with management its policies and procedures for identifying and evaluating litigation. C) Inspect the legal documents in the client's lawyer's possession regarding pending litigation. D) Confirm the details of pending litigation with the client's adversaries' legal representatives. 31. Which of the following procedures would an accountant most likely perform during an engagement to review the financial statements of a nonissuer? A) Review the predecessor accountant's working papers. B) Inquire of management about related party transactions.

C) Corroborate litigation information with the entity's attorney. D) Communicate internal control deficiencies to senior management. 32. Which of the following procedures would a CPA most likely perform when reviewing the financial statements of a nonissuer? A) Verify that the accounting estimates that could be material to the financial statements have been developed. B) Obtain an understanding of the entity's internal control components. C) Assess the entity's ability to continue as a going concern for a reasonable period of time. D) Make inquiries about actions taken at the board of directors meetings. 33. A client is a defendant in a patent infringement lawsuit against a major competitor. Which of the following items would least likely be included in the attorney's response to the auditor's letter of inquiry? A) A description of potential litigation in other matters or related to an unfavorable verdict in the patent infringement lawsuit. B) A discussion of case progress and the strategy currently in place by client management to resolve the lawsuit. C) An evaluation of the probability of loss and a statement of the amount or range of loss if an unfavorable outcome is reasonably possible. D) An evaluation of the ability of the client to continue as a going concern if the verdict is unfavorable and maximum damages are awarded. 34. Which of the following items would most likely require an adjustment to the financial statements for the year ended December 31, year 1? A) Uninsured loss of inventories purchased in year 1 as a result of a flood in year 2. B) Settlement of litigation in year 2 over an event that occurred in year 2. C) Loss on an uncollectible trade receivable recorded in year 1 from a customer that declared bankruptcy in year 2. D) Proceeds from a capital stock issuance in year 2 which was being approved by the board of directors in year 1. 35. Which of the following procedures would an auditor most likely perform in obtaining evidence about subsequent events? A) Examine changes in the quoted market prices of investments purchased since the year end. B) Compare the latest available interim financial information with the financial statements being reported upon. C) Apply analytical procedures to the details of the balance sheet accounts that were tested at interim dates. D) Inquire about payroll checks that were recorded before the year end but cashed after the year end. 36. Which of the following procedures would best detect a liability omission by management? A) Inquiry of senior support staff and recently departed employees.

B) Review and check mathematical accuracy of financial statements. C) Review articles of incorporation and corporate bylaws. D) Review purchase contracts and other legal documents. 37. Which of the following documents are examples of audit evidence generated by the client? A) Customer purchase orders and bank statements. B) Shipping documents and receiving reports. C) Vendor invoices and packing slips. D) Bills of lading and accounts receivable confirmations. 38. Which of the following procedures is ordinarily performed by an accountant during an engagement to compile the financial statements of a nonissuer? A) Make inquiries of the employees and senior management regarding transactions with related parties. B) Determine whether there is substantial doubt about the entity's ability to continue as a going concern. C) Scan the entity's records for the period just after the balance sheet date to identify subsequent events requiring disclosure. D) Consider whether the financial statements are free from obvious material mistakes in the application of accounting principles. 39. Which of the following procedures would an auditor most likely perform to assist in the evaluation of loss contingencies? A) Checking arithmetic accuracy of the accounting records. B) Performing appropriate analytical procedures. c) Obtaining a letter of audit inquiry from the client's lawyer. D) Reading the financial statements, including footnotes. 40. In an engagement to review the financial statements of a nonissuer, the accountant most likely would perform which of the following procedures? A) Physical inspection of inventory. B) Vouching of inventory purchase transactions. C) Analysis of inventory turnover. D) Evaluation of internal control over inventory. 41. An auditor requests a client to send letters of audit inquiry to attorneys who have been consulted concerning litigation, claims, and assessments. The primary reason for this request is to obtain A) The attorneys' assurance that litigation, claims, and assessments that are probable of assertion are properly accounted for. B) Corroboration of the information furnished by management concerning litigation, claims, and assessments. C) A description of litigation, claims, and assessments that have a reasonable possibility of unfavorable outcomes. D) The opinion of an expert whether any loss contingencies are possible, probable, or remote.

42. If the objective of an auditor's test of details is to detect a possible understatement of sales, the auditor most likely would trace transactions from the A) Sales invoices to the shipping documents. B) Cash receipts journal to the sales journal. C) Shipping documents to the sales invoices. D) Sales journal to the cash receipts journal. 43. Which of the following circumstances most likely would cause an auditor to suspect that material misstatements exist in a client's financial statements? A) The assumptions used in developing the prior year's accounting estimates have changed. B) Differences between reconciliations of control accounts and subsidiary records are not investigated. C) Negative confirmation requests yield fewer responses than in the prior year's audit. D) Management consults with another CPA firm about complex accounting matters. 44. On August 13, a CPA completed field work on an engagement to audit financial statements for the year ended June 30. On August 27, an event came to the CPAs attention that should be disclosed in the notes to the financial statements. The event was properly disclosed by the entity, but the CPA decided not to dual date the auditors report and dated the report August 27. Under these circumstances, the CPA was taking responsibility for A) All subsequent events that occurred through August 27. B) Only the specific subsequent event disclosed by the entity. C) All subsequent events that occurred through August 13 and the specific subsequent event disclosed by the entity. D) Only the subsequent events that occurred through August 13. 45. An auditor is selecting vouchers for testing an entity's internal control activities related to the proper approval of vouchers before checks are prepared. The auditor is matching random numbers with voucher numbers to determine which vouchers to inspect. If a random number matches a voided voucher, that voucher ordinarily would be replaced by another voucher in the random sample if the voided voucher A) Cannot be located in the voucher file. B) Represents a dollar amount that is material. C) Indicates a deviation from the prescribed activity. D) Has been properly voided. 46. Which of the following matters is an auditor not required to communicate to an entity's audit committee? A) Significant adjustments arising from the audit that were recorded by management. B) The basis for the auditor's conclusions about the reasonableness of management's sensitive accounting estimates. C) The level of responsibility assumed by the auditor under generally accepted auditing standards. D) The degree of reliance the auditor placed on the management representation letter.

47. A U.S. entity prepares its financial statements in conformity with accounting principles generally accepted in another country. These financial statements will be included in the consolidated financial statements of its non-U.S. parent. Before reporting on the financial statements of the U.S. entity, the auditor practicing in the U.S. should A) Notify management of the U.S. entity that the auditor is required to disclaim an opinion on the financial statements. B) Receive a waiver to report on the U.S. entity from the appropriate accountancy authority in the other country. C) Obtain written representations from management of the U.S. entity regarding the purpose and uses of the financial statements. D) Communicate with the auditor of the non-U.S. parent regarding the level of assurance to be provided. 48.An auditor decides to use the blank form of accounts receivable confirmation rather than the positive form. The auditor should be aware that the blank form may be less efficient because A) Subsequent cash receipts need to be verified. B) Statistical sampling may not be used. C) A higher assessed level of detection risk is required. D) More nonresponses are likely to occur. 49. An independent auditor asked a client's internal auditor to assist in preparing a standard financial institution confirmation request for a payroll account that had been closed during the year under audit. After the internal auditor prepared the form, the controller signed it and mailed it to the bank. What was the major flaw in this procedure? A) The internal auditor did not sign the form. B) The form was mailed by the controller. C) The form was prepared by the internal auditor. D) The account was closed, so the balance was zero. 50. Which of the following expressions most likely would be included in a management representation letter? A) No events have occurred subsequent to the balance sheet date that require adjustment to, or disclosure in, the financial statements. B) There are no reportable conditions identified during the prior-year's audit of which the audit committee of the board of directors is unaware. C) We do not intend to provide any information that may be construed to constitute a waiver of the attorney-client privilege. D) Certain computer files and other required evidential matter may exist only for a short period of time and only in computer-readable form. 51. When performing an engagement to review a nonpublic entity's financial statements, an accountant most likely would A) Obtain an understanding of the entity's internal control.

B) Limit the distribution of the accountant's report. C) Confirm a sample of significant accounts receivable balances. D) Ask about actions taken at board of directors' meetings. 52. Which of the following procedures would an auditor most likely perform to obtain assurance that slow-moving and obsolete items included in inventories are properly identified? A) Testing shipping and receiving cutoff procedures. B) Confirming inventories at locations outside the entity's premises. C) Examining an analysis of inventory turnover. D) Tracing inventory observation test counts to perpetual listings. 53. Which of the following procedures should an auditor perform concerning litigation, claims, and assessments? A) Inspect legal documents in the possession of the client's lawyer that are relevant to pending litigation and unasserted claims and assessments. B) Discuss with the client's lawyer its philosophy of defending litigation, claims, and assessments that have a high probability of being resolved unfavorably. C) Confirm directly with the client's lawyer that all litigation, claims, and assessments have been properly recorded in the financial statements. D) Obtain assurance from management that it has disclosed all unasserted claims that its lawyer has advised are probable of assertion. 54. Which of the following statements describes an auditor's obligation to identify deficiencies in the design or operation of internal control? A) The auditor should design and apply tests of controls to discover reportable conditions that could result in material misstatements. B) The auditor need not search for reportable conditions unless management requests an attestation that "no reportable conditions were noted in the audit." C) The auditor should search for reportable conditions if the auditor expects to assess control risk at below the maximum. D) The auditor need not search for reportable conditions but should document and communicate any reportable conditions that are discovered. 55. In parallel simulation, actual client data are reprocessed using an auditor software program. An advantage of using parallel simulation, instead of performing tests of controls without a computer, is that A) The test includes all types of transaction errors and exceptions that may be encountered. B) The client's computer personnel do not know when the data are being tested. C) There is no risk of creating potentially material errors in the client's data. D) The size of the sample can be greatly expanded at relatively little additional cost. 56. An auditor examining inventory most likely would use variables sampling rather than attributes sampling to

A) Identify whether inventory items are properly priced. B) Estimate whether the dollar amount of inventory is reasonable. C) Discover whether misstatements exist in inventory records. D) Determine whether discounts for inventory are properly recorded. 57. "In connection with an audit of our financial statements, management has prepared, and furnished to our auditors a description and evaluation of certain contingencies." The foregoing passage most likely is from a(an) A) Audit inquiry letter to legal counsel. B) Management representation letter. C) Audit committee's communication to the auditor. D) Financial statement footnote disclosure. 58. Which of the following procedures would an auditor most likely perform in obtaining evidence about subsequent events? A) Examine a sample of transactions that occurred since the year end to verify the effectiveness of computer controls. B) Inquire of management whether there have been significant changes in working capital since the year end. C) Recompute depreciation charges for plant assets sold for substantial gains since the year end. D) Reperform the tests of controls that indicated significant deficiencies in the operation of internal control. 59. An auditor scans a client's investment records for the period just before and just after the year end to determine that any transfers between categories of investments have been properly recorded. The primary purpose of this procedure is to obtain evidence about management's financial statement assertions of A) Rights and obligations, and existence or occurrence. B) Valuation or allocation, and rights and obligations. C) Existence or occurrence, and presentation and disclosure. D) Presentation and disclosure, and valuation or allocation. 60. An auditor's communication with the audit committee is required to include the A) Basis for the auditor's preliminary judgment about materiality. B) Justification for the auditor's selection of sampling methods. C) Discussion of disagreements with management about matters that significantly impact the entity's financial statements. D) Assessment of the quality of the entity's earnings as compared to the previous year. 61. Which of the following professional services would be considered an attestation engagement? A) Advocating on behalf of a client about trust tax matters under review by the Internal Revenue Service. B) Providing financial analysis, planning, and capital acquisition services as a part-time, in-house controller.

C) Advising management in the selection of a computer system to meet business needs. D) Preparing the income statement and balance sheet for one year in the future based on client expectations and predictions. 62. An auditor confirmed accounts receivable as of an interim date, and all confirmations were returned and appeared reasonable. Which of the following additional procedures most likely shoud be performed at year end? A) Send confirmations for all new customer balances incurred from the interim date to year end. B) Resend confirmations for any significant customer balances remaining at year end. C) Review supporting documents for new large balances occurring after the interim date, and evaluate any significant changes in balances at year end. D) Review cash collections subsequent to the interim date and the year end. 63. The accounts receivable turnover ratio increased significantly over a two-year period. This trend could indicate that A) The accounts receivable aging has deteriorated. B) The company has eliminated its discount policy. C) The company is more aggressively collecting customer accounts. D) Customer sales have substantially decreased. 64. Which of the following parties should request inquiry of a client's lawyer? A) The auditor. B) The stockholders. C) Client management. D) The auditor's attorney. 65. When a company's stock record books are maintained by an outside registrar or transfer agent, the auditor should obtain confirmation from the registrar or transfer agent concerning the A) Amount of dividends paid to related parties. B) Expected proceeds from stock subscriptions receivable. C) Number of shares issued and outstanding. D) Proper authorization of stock rights and warrants. 66. Which of the following statements ordinarily is not included among the written client representations made by the chief executive officer and the chief financial officer? A) "Sufficient evidential matter has been made available to the auditor to permit the issuance of an unqualified opinion." B) "There are no unasserted claims or assessments that our lawyer has advised us are probable of assertion and must be disclosed." C) "We have no plans or intentions that may materially affect the carrying value or classification of assets and liabilities."

D) "No events have occurred subsequent to the balance sheet date that would require adjustment to, or disclosure in, the financial statements." 67. An auditor plans to apply substantive tests to the details of asset and liability accounts as of an interim date rather than as of the balance sheet date. The auditor should be aware that this practice A) Eliminates the use of certain statistical sampling methods that would otherwise be available. B) Presumes that the auditor will reperform the tests as of the balance sheet date. C) Should be especially considered when there are rapidly changing economic conditions. D) Potentially increases the risk that errors that exist at the balance sheet date will not be detected. 68. When a client engages in transactions involving derivatives, the auditor should A) Develop an understanding of the economic substance of each derivative. B) Confirm with the client's broker whether the derivatives are for trading purposes. C) Notify the audit committee about the risks involved in derivative transactions. D) Add an explanatory paragraph to the auditor's report describing the risks associated with each derivative. 69. Which of the following statements is correct about the sample size in statistical sampling when testing internal controls? A) The auditor should consider the tolerable rate of deviation from the controls being tested in determining sample size. B) As the likely rate of deviation decreases, the auditor should increase the planned sample size. C) The allowable risk of assessing control risk too low has no effect on the planned sample size. D) Of all the factors to be considered, the population size has the greatest effect on the sample size. 70. An auditor usually determines whether dividend income from publicly-held investments is reasonable by computing the amounts that should have been received by referring to A) Stock ledgers maintained by independent registrars. B) Dividend records on file with the SEC. C) Records produced by investment services. D) Minutes of the investee's board of directors. 71. The most reliable procedure for an auditor to use to test the existence of a client's inventory at an outside location would be to A) Observe physical counts of the inventory items. B) Trace the total on the inventory listing to the general ledger inventory account. C) Obtain a confirmation from the client indicating inventory ownership. D) Analytically compare the current-year inventory balance to the prior-year balance. 72. An auditor compared the current-year gross margin with the prior-year gross margin to determine if cost of sales is reasonable. What type of audit procedure was performed? A) Test of transactions.

B) Analytical procedures. C) Test of controls. D) Test of details. 73. Which of the following is true regarding reportable conditions? A) Auditors must search for them. B) Auditors must communicate them to the audit committee. C) They must be included in the financial statements. D) They must be disclosed in footnotes. 74. Tracing copies of computer-prepared sales invoices to copies of the corresponding computer-prepared shipping documents provides evidence that A) Shipments to customers were properly billed. B) Entries in the accounts receivable subsidiary ledger were for sales actually shipped. C) Sales billed to customers were actually shipped. D) No duplicate shipments to customers were made 75. An auditor compares annual revenues and expenses with similar amounts from the prior year and investigates all changes exceeding 10%. This procedure most likely could indicate that A) Fourth quarter payroll taxes were properly accrued and recorded, but were not paid until early in the subsequent year. B) Unrealized gains from increases in the value of available-for-sale securities were recorded in the income account for trading securities. C) The annual provision for uncollectible accounts expense was inadequate because of worsening economic conditions. D) Notice of an increase in property tax rates was received by management, but was not recorded until early in the subsequent year. 76. An auditor compares annual revenues and expenses with similar amounts from the prior year and investigates all changes exceeding 10%. This procedure most likely could indicate that A) Fourth quarter payroll taxes were properly accrued and recorded, but were not paid until early in the subsequent year. B) Unrealized gains from increases in the value of available-for-sale securities were recorded in the income account for trading securities. C) The annual provision for uncollectible accounts expense was inadequate because of worsening economic conditions. D) Notice of an increase in property tax rates was received by management, but was not recorded until early in the subsequent year. 77. An auditor's inquiries of management disclosed that the entity recently invested in a series of energy derivatives to hedge against the risks associated with fluctuating oil prices. Under these circumstances, the auditor should

A) Perform analytical procedures to determine if the derivatives are properly valued. B) Examine the contracts for possible risk exposure and the need to recognize losses. C) Confirm the marketability of the derivatives with a commodity specialist. D) Document the derivatives in the auditor's communication with the audit committee. 78. In auditing a manufacturing entity, which of the following procedures would an auditor least likely perform to determine whether slow-moving, defective, and obsolete items included in inventory are properly identified? A) Test the computation of standard overhead rates. B) Tour the manufacturing plant or production facility. C) Compare inventory balances to anticipated sales volume. D) Review inventory experience and trends. 79. Which of the following statements extracted from a client's lawyer's letter concerning litigation, claims, and assessments most likely would cause the auditor to request clarification? A) I believe that the plaintiff will have problems establishing any liability. B) I believe that this action has only a remote chance in establishing any liability. C) I believe that the plaintiff's case against the company is without merit. D) I believe that the company will be able to defend this action successfully. 80.An auditor discovered that a client's accounts receivable turnover is substantially lower for the current year than for the prior year. This may indicate that A) Obsolete inventory has not yet been reduced to fair market value. B) There was an improper cutoff of sales at the end of the year. C) An unusually large receivable was written off near the end of the year. D) The aging of accounts receivable was improperly performed in both years. 81. Which of the following matters most likely would be included in a management representation letter? A) An assessment of the risk factors concerning the misappropriation of assets. B) An evaluation of the litigation that has been filed against the entity. C) A confirmation that the entity has complied with contractual agreements. D) A statement that all material internal control weaknesses have been corrected. 82. When conducting field work for a physical inventory, an auditor cannot perform which of the following steps using a generalized audit software package? A) Observing inventory. B) Selecting sample items of inventory. C) Analyzing data resulting from inventory. D) Recalculating balances in inventory reports. 83. Which of the following would be used on a review engagement? A) Examination of board minutes.

B) Confirmation of cash and accounts receivable. C) Comparison of current-year to prior-year account balances. D) Recalculation of depreciation expense. 84. A retailing entity uses the Internet to execute and record its purchase transactions. The entity's auditor recognizes that the documentation of details of transactions will be retained for only a short period of time. To compensate for this limitation, the auditor most likely would A) Compare a sample of paid vendors' invoices to the receiving records at year end. B) Plan for a large measure of tolerable misstatement in substantive tests. c) Perform tests several times during the year, rather than only at year end. D) Increase the sample of transactions to be selected for cutoff tests. 85. Which of the following procedures would be most effective in reducing attestation risk? A) Discussion with responsible individuals. B) Examination of evidence. C) Inquiries of senior management. D) Analytical procedures. 86. Which of the following procedures does a CPA normally perform first in a review engagement in accordance with Statements on Standards for Accounting and Review Services (SSARS)? A) Inquiry regarding the client's principles and practices and the method of applying them. B) Inquiry concerning the effectiveness of the client's system of internal control. C) Inquiry to identify transactions between related parties and management. D) Inquiry of the client's professional advisors, including bankers, insurance agents, and consultants. 87. Which of the following factors would most likely influence an auditor's consideration of the reliability of data when performing analytical procedures? A) Whether the data were developed in a computerized or a manual accounting system. B) Whether the data were prepared on the cash basis or in conformity with GAAP. C) Whether the data were developed under a system with adequate controls. D) Whether the data were processed in an online system or a batch entry system. 88. When an auditor tests the internal controls of a computerized accounting system, which of the following is true of the test data approach? A) Test data are coded to a dummy subsidiary so they can be extracted from the system under actual operating conditions. B) Test data programs need not be tailor-made by the auditor for each client's computer applications. C) Test data programs usually consist of all possible valid and invalid conditions regarding compliance with internal controls. D) Test data are processed with the client's computer and the results are compared with the auditor's predetermined results.

89. An auditor's principal objective in analyzing repairs and maintenance expense accounts is to A) Determine that all obsolete plant and equipment assets were written off before the year end. B) Verify that all recorded plant and equipment assets actually exist. C) Discover expenditures that were expensed but should have been capitalized. D) Identify plant and equipment assets that cannot be repaired and should be written off. 90. The auditor's inventory observation test counts are traced to the client's inventory listing to test for which of the following financial statement assertions? A) Completeness. B) Rights and obligations. C) Valuation or allocation. D) Presentation and disclosure. 91. Which of the following is an analytical procedure that an auditor most likely would perform when planning an audit? A) Confirming bank balances with the financial institutions. B) Scanning accounts receivable for amounts over credit limits. C) Recalculating inventory extensions of physical inventory counts. D) Comparing the current-year account balances for conformity with predictable patterns. 92. In which of the following circumstances is substantive testing of accounts receivable before the balance sheet date most appropriate? A) The client has a new sales incentive program in place. B) Internal controls during the remaining period are effective. C) There is a high turnover of senior management. D) It is a first engagement of a new client. 93. An analysis of which of the following accounts would best aid in verifying that all fixed assets have been capitalized? A) Cash. B) Depreciation expense. C) Property tax expense. D) Repairs and maintenance. 94. Which of the following characteristics most likely would be an advantage of using classical variables sampling rather than probability-proportional-to-size (PPS) sampling? A) The selection of negative balances requires no special design considerations. B) The sampling process can begin before the complete population is available. C) The auditor need not consider the preliminary judgments about materiality. D) The sample will result in a smaller sample size if few errors are expected.

95. Which of the following matters is an auditor required to communicate to an entity's audit committee? A) Adjustments that were suggested by the auditor and recorded by management that have a significant effect on the entity's financial reporting process. B) The auditor's consideration of risk factors in assessing the risk of material misstatement arising from the misappropriation of assets. C) The results of the auditor's analytical procedures performed in the review stage of the engagement that indicate significant variances from expected amounts. D) Changes in the auditor's preliminary judgment about materiality that were caused by projecting the results of statistical sampling for tests of transactions. 96. For which of the following audit tests would a CPA most likely use attribute sampling? A) Identifying entries posted to incorrect accounts. B) Estimating the amount in an expense account. C) Evaluating the reasonableness of depreciation expense. D) Selecting receivables for confirmation of account balances. 97. Which of the following strategies most likely could improve the response rate of the confirmations of accounts receivable? A) Restrict the selection of accounts to be confirmed to those customers with large balances. B) Include a list of items or invoices that constitute the customers' account balances. C) Explain to customers that discrepancies will be investigated by an independent third party. D) Ask customers to respond to the confirmation requests directly to the auditor by fax. 98. Which of the following procedures would an auditor most likely perform in auditing the statement of cash flows? A) Reconcile the amounts included in the statement of cash flows to the other financial statements' amounts. B) Vouch a sample of cash receipts and disbursements for the last few days of the current year. C) Reconcile the cutoff bank statement to the proof of cash to verify the accuracy of the year-end cash balance. D) Confirm the amounts included in the statement of cash flows with the entity's financial institution. 99. In establishing the existence and ownership of long-term investments in the form of publicly-traded stock, an auditor most likely would inspect the securities or A) Correspond with the investee company to verify the number of shares owned. B) Confirm the number of shares owned that are held by an independent custodian. C) Apply analytical procedures to the dividend income and investments accounts. D) Inspect the cash receipts journal for amounts that could represent the sale of securities. 100. Before applying principal substantive tests to an entity's accounts receivable at an interim date, an auditor should A) Consider the likelihood of assessing the risk of incorrect rejection too low.

B) Project sampling risk at the maximum for tests covering the remaining period. C) Ascertain that accounts receivable are immaterial to the financial statements. D) Assess the difficulty in controlling the incremental audit risk. 101. To obtain assurance that all inventory items in a client's inventory listing are valid, an auditor most likely would trace A) Inventory tags noted during the auditor's observation to items listed in receiving reports and vendors' invoices. B) Items listed in receiving reports and vendors' invoices to the inventory listing. C) Inventory tags noted during the auditor's observation to items in the inventory listing. D) Items in the inventory listing to inventory tags and the auditor's recorded count sheets. 1.A 2.A 3.D 4.D 5.C 6.A 7.D 8.B 9.B 10.C 11.D 12.B 13.B 14.C 15.D 16.A 17.C 18.D 19.C 20.B 21.B 22.B 23.C 24.C 25.A 26.C 27.D 28.D 29.A 30.B 31.B 32.D 33.D 34.C 35.B 36.D 37.B 38.D 39.c 40.C 41.B 42.C 43.B 44.A 45.D 46.D 47.C 48.D 49.B 50.A 51.D 52.C 53.D 54.D 55.D 56.B 57.A 58.B 59.D 60.C 61.D 62.C 63.C 64.C 65.C 66.A 67.D 68.A 69.A 70.C 71.A 72.B 73.B 74.C 75.C 76.B 77.B 78.A 79.A 80.B 81.C 82.A 83.C 84.C 85.B 86.A 87.C 88.D 89.C 90.A 91.D 92.B 93.D 94.A 95.A 96.A 97.B 98.A 99.B 100.D

Auditing and Attestation 4: Evaluating Audit Findings, Communications, and Reporting Appropriate Audit Evidence
Audit evidence is evidence obtained during a financial audit and recorded in the audit working papers.

In the audit engagement acceptance or reappointment stage, audit evidence is the information that the auditor is to consider for the appointment. For examples, change in the entity control environment, inherent risk and nature of the entity business, and scope of audit work.

In the audit planning stage, audit evidence is the information that the auditor is to consider for the most effective and efficient audit approach. For examples, reliability of internal control procedures, and analytical review systems. In the control testing stage, audit evidence is the information that the auditor is to consider for the mix of audit test of control and audit substantive tests. In the substantive testing stage, audit evidence is the information that the auditor is to make sure the appropriation of financial statement assertions. For examples, existence, rights andobligations, occurrence, completeness, valuation, measurement, pres entation and disclosure of a particular transaction or account balance. In the conclusion and opinion formulation stage, audit evidence is information that the auditor is to consider whether the financial statements as a whole presents with completeness, validity, accuracy and consistency with the auditor's understanding of the entity.

Which of the following procedures would provide the most reliable audit evidence?

Inspection of bank statements obtained directly from the client's financial institution.

A vendor's invoice received and held by the client would be considered what type of evidence?

External-internal

Which of the following statements is generally correct about the appropriateness of audit evidence?

Auditors' direct personal knowledge, obtained through observation and inspection, is more persuasive than information obtained indirectly from independent outside sources.

Internal evidence:

Consists of documents that are produced, used, and stored within the client's information system.

Which of the following presumptions is correct about the reliability of audit evidence?

An effective system of internal control provides more assurance about the reliability of audit evidence.

Auditor's report

The auditor's report is a formal opinion, or disclaimer thereof, issued by either an internal auditor or an independent external auditor as a result of an internal or external audit or evaluation performed on a legal entity or subdivision thereof (called an "auditee"). The report is subsequently provided to a "user" (such as an individual, a group of persons, a company, a government, or even the general public, among others) as an assurance service in order for the user to make decisions based on the results of the audit. An auditor's report is considered an essential tool when reporting financial information to users, particularly in business. Since many third-party users prefer, or even require financial information to be certified by an independent external auditor, many auditees rely on auditor reports to certify their information in order to attract investors, obtain loans, and improve public appearance. Some have even stated that financial information without an auditor's report is "essentially worthless" for investing purposes. Auditor's report on financial statements It is important to note that auditor's reports on financial statements are neither evaluations nor any other similar determination used to evaluate entities in order to make a decision. The report is only an opinion on whether the information presented is correct and free from material misstatements, whereas all other determinations are left for the user to decide. There are four common types of auditor's reports, each one presenting a different situation encountered during the auditor's work.

Adverse Opinion report

An Adverse Opinion is issued when the auditor determines that the financial statements of an auditee are materially misstated and, when considered as a whole, do not conform with GAAP. It is considered the opposite of an unqualified or clean opinion, essentially stating that the information contained is materially incorrect, unreliable, and inaccurate in order to assess the auditee's financial position and results of operations. Investors, lending institutions, and governments very rarely accept an auditee's financial statements if the auditor issued an adverse opinion, and usually request the auditee to correct the financial statements and obtain another audit report. Generally, an adverse opinion is only given if the financial statements pervasively differ from GAAP. An example of such a situation would be failure of a company to consolidate a material subsidiary. The wording of the adverse report is similar to the qualified report. The scope paragraph is modified accordingly and an explanatory paragraph is added to explain the reason for the adverse opinion after the scope paragraph but before the opinion paragraph. However, the most significant change in the adverse report from the qualified report is in the opinion paragraph, where the auditor clearly states that the

financial statements are not in accordance with GAAP, which means that they, as a whole, are unreliable, inaccurate, and do not present a fair view of the auditee's position and operations. "In our opinion, because of the situations mentioned above (in the explanatory paragraph), the financial statements referred to in the first paragraph do not present fairly, in all material respects, the financial position of"

Auditor's report on internal controls of public companies

Following the enactment of the Sarbanes-Oxley Act of 2002, the Public Company Accounting Oversight Board (PCAOB) was established in order to monitor, regulate, inspect, and discipline audit and public accounting firms of public companies. The PCAOB Auditing Standards No. 2 now requires auditors of public companies to include an additional disclosures in the opinion report regarding the auditee's internal controls, and to opine about the company's and auditor's assessment on the company's internal controls over financial reporting. These new requirements are commonly referred to as the COSO Opinion. The auditor's report is modified to include all necessary disclosures by either presenting the report subsequent to the report on the financial statements, or combining both reports into one auditor's report. The following is an example of the former version of adding a separate report immediately after the auditor's report on financial statements. Internal control over financial reporting We have also audited management's assessment, included in the accompanying Management's Annual Report on Internal Control Over Financial Reporting, that the Company maintained effective internal control over financial reporting as of December 31, 20XX, based on criteria established in Internal ControlIntegrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission ("COSO").The Company's management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting. Our responsibility is to express an opinion on management's assessment and on the effectiveness of the Company's internal control over financial reporting based on our audit.We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, evaluating management's assessment, testing and evaluating the design and operating effectiveness of internal control, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.

A company's internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements. Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. In our opinion, management's assessment that ABC Company maintained effective internal control over financial reporting as of December 31, 20XX, is fairly stated, in all material respects, based on criteria established in Internal ControlIntegrated Framework issued by COSO. Furthermore, in our opinion, ABC Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 20XX, based on criteria established in Internal ControlIntegrated Framework issued by COSO.

Auditor's reports on financial statements in different countries

The auditor's report usually does not vary from country to country, although some countries do require either additional or less wording. In the United States, auditors are required to include in the scope paragraphs a phrase stating that they conducted their audit "in accordance with generally accepted auditing standards in the United States of America", and, in the opinion paragraph, state whether the financial statements are presented "in conformity with generally accepted accounting principles in the United States of America". Some countries, such as the Philippines, use similar reports to those issued in the United States, with the exception that second paragraph would state that the audit was conducted in accordance with Philippine Standards on Auditing, and that the financial statements are in accordance with Philippine Financial Reporting Standards.

Disclaimer of Opinion report

A Disclaimer of Opinion, commonly referred to simply as a Disclaimer, is issued when the auditor could not form and consequently refuses to present an opinion on the financial statements. This type of report is issued when the auditor tried to audit an entity but could not complete the work due to various reasons and does not issue an opinion. The disclaimer of opinion report can be traced back to 1949, when the Statement on Auditing Procedure No. 23: Recommendation Made To Clarify Accountant's Representations When Opinion Is Not Expressed was published in order to provide guidance to auditors in presenting a disclaimer. Statements on Auditing Standards (SAS) provide certain situations where a disclaimer of opinion may be appropriate:

A lack of independence, or material conflict(s) of interest, exist between the auditor and the auditee (SAS No. 26) There are significant scope limitations, whether intentional or not, which hinder the auditor's work in obtaining evidence and performing procedures (SAS No. 58); There is a substantial doubt about the auditee's ability to continue as a going concern or, in other words, continue operating (SAS No. 59) There are significant uncertainties within the auditee (SAS No. 79).

Although this type of opinion is rarely used, the most common examples where disclaimers are issued include audits where the auditee willfully hides or refuses to provide evidence and information to the auditor in significant areas of the financial statements, where the auditee is facing significant legal and litigation issues in which the outcome is uncertain (usually government investigations), and where the auditee has going concern issues (the auditee may not continue operating in the near future). Investors, lending institutions, and governments typically reject an auditee's financial statements if the auditor disclaimed an opinion, and will request the auditee to correct the situations the auditor mentioned and obtain another audit report. A disclaimer of opinion differs substantially from the rest of the auditor's reports because it provides very little information regarding the audit itself, and includes an explanatory paragraph stating the reasons for the disclaimer. Although the report still contains the letterhead, the auditee's name and address, the auditor's signature and address, and the report's issuance date, every other paragraph is modified extensively, and the scope paragraph is entirely omitted since the auditor is basically stating that an audit could not be realized. In the introductory paragraph, the first phrase changes from "We have audited" to "We were engaged to audit" in order to let the user know that the auditee commissioned an audit, but does not mention that the auditor necessarily completed the audit. Additionally, since the audit was not completely and/or adequately performed, the auditor refuses to accept any responsibility by omitting the last sentence of the paragraph. The scope paragraph is omitted in its entirety since, effectively, no audit was performed. Similar to the qualified and the adverse opinions, the auditor must briefly discuss the situations for the

disclaimer in an explanatory paragraph. Finally, the opinion paragraph changes completely, stating that an opinion could not be formed and is not expressed because of the situations mentioned in the previous paragraphs. The following is a draft of the three main paragraphs of a disclaimer of opinion because of inadequate accounting records of an auditee, which is considered a significant scope of limitation: We were engaged to audit the accompanying balance sheet of ABC Company, Inc. (the "Company") as of December 31, 20XX and the related statements of income and cash flows for the year then ended. These financial statements are the responsibility of the Company's management. The Company does not maintain adequate accounting records to provide sufficient information for the preparation of the basic financial statements. The Company's accounting records do not constitute a double-entry system which can produce financial statements. Because of the significance of the matters discussed in the preceding paragraphs, the scope of our work was not sufficient to enable us to express, and we do not express, an opinion of the financial statements referred to in the first paragraph.

Going concern
Going concern is a term which means that an entity will continue to operate in the near future which is generally more than next 12 months, so long as it generates or obtains enough resources to operate. If the auditee is not a going concern, it means that the entity might not be able to sustain itself within the next twelve months. Auditors are required to consider the going concern of an auditee before issuing a report. If the auditee is not a going concern, the auditor does not modify his/her report in any way. However, if the auditor considers that the auditee is a going concern, or will be a going concern in the near future, then the auditor is required to include an explanatory paragraph before the opinion paragraph or following the opinion papragraph, in the audit report explaining the situation, which is commonly referred to as the going concern disclosure. Such an opinion is called an "unqualified modified opinion". Unfortunately, many auditors are increasingly reluctant to include this disclosure in their opinions, since it is considered a "self-fulfilling prophesy" by some. This is because a disclosure for a lack of going concern is viewed negatively by investors, lending institutions, and credit agencies, and therefore reduces the chance that the auditee may obtain the capital or borrowing it needs to survive once the disclosure is made. If this situation occurs, the auditee is more likely to stop being a going concern while the auditor loses potential future audit engagements, and so the auditor may be pressured to avoid including a going concern disclosure. In a study performed on 2001 bankruptcies, nearly half (48%) of selected public companies who faced bankruptcy in 2001 did not have a "going concern disclosure" in the previous auditor's reports. Additionally, 12 of the 20 largest bankruptcies in U.S. history occurred between 2001 and 2002 and none of them had a "going concern disclosure" in their previous auditor's report.

As for the actual wording of the auditor's report, when a lack of going concern is determined by the auditor, the disclosure paragraph should state the situation, state the auditor's determination, and state the auditee's plan to correct the situation. The disclosure paragraph should immediately follow the opinion paragraph. The following is the most widely used format of the paragraph which, in this case, deals with a company that has recurring losses: The accompanying financial statements have been prepared assuming that the Company will continue as a going concern. As discussed in Note (X) to the financial statements, the Company has suffered recurring losses and has a net capital deficiency. These conditions raise substantial doubt about its ability to continue as a going concern. Management's plans in regard to these matters are also described in Note (X). The financial statements do not include any adjustments relating to the recoverability and classification of asset carrying amounts or the amount and classification of liabilities that might result should the Company be unable to continue as a going concern.

Other explanatory information and paragraphs

Although the auditor reports mentioned above are the standard reports for financial statement audits, the auditor may add additional information to the report if it is deemed necessary without changing the overall opinion of the report. Usually, this additional information is included after the opinion paragraph, although some situations require that the additional information be included in paragraphs before the opinion paragraph. The most frequent paragraphs include:

Limiting distribution of the report In some occasions, the audit report is restricted to a specified user and the auditor includes this restriction in the report, such as a report for financial statements made in cash basis which are prepared for tax purposes only, financial statements for a wholly owned subsidiary whose sole user of its financial statements is its parent company, etc. Additional or supplemental information Certain auditees include additional and/or supplemental information with their financial statements which is not directly related to the financial statements. Examples include governments that incorporate health, crime, and education statistics along with the financial statement reports for the general public to read and use. Since it is not directly related to the audit of the financial statements, the auditor includes a brief disclaimer paragraph to state that the auditor's report only applies to the financial statements and its respective notes. Certain audit work performed by another auditor Sometimes an auditee requires that two or more auditors perform audits on its operations in order to obtain a more effective audit. This usually occurs in large governments and corporations who have certain dependencies, subsidiaries, or other

similar components which require an auditor different from its main auditor to perform an audit on the original auditee's component due to size, time, location, and/or technical constraints. When the main auditor has to rely on another auditor's work, the main auditor may either accept responsibility for the component's information and not modify the audit report, or may chose to disclaim the audit on the specific component, stating that the main auditor did not audit the component, that another auditor audited the component, that the component's audited information is therefore the responsibility of another auditor, and that the main auditor is simply including it in the original auditee's information. If used, this disclaimer is usually included in the introductory paragraph.

Qualified Opinion report

A Qualified Opinion report is issued when the auditor encountered one of two types of situations which do not comply with generally accepted accounting principles, however the rest of the financial statements are fairly presented. This type of opinion is very similar to an unqualified or "clean opinion", but the report states that the financial statements are fairly presented with a certain exception which is otherwise misstated. The two types of situations which would cause an auditor to issue this opinion over the Unqualified opinion are:

Single deviation from GAAP this type of qualification occurs when one or more areas of the financial statements do not conform with GAAP (e.g. are misstated), but do not affect the rest of the financial statements from being fairly presented when taken as a whole. Examples of this include a company dedicated to a retail business that did not correctly calculate the depreciation expense of its building. Even if this expense is considered material, since the rest of the financial statements do conform with GAAP, then the auditor qualifies the opinion by describing the depreciation misstatement in the report and continues to issue a clean opinion on the rest of the financial statements. Limitation of scope this type of qualification occurs when the auditor could not audit one or more areas of the financial statements, and although they could not be verified, the rest of the financial statements were audited and they conform GAAP. Examples of this include an auditor not being able to observe and test a company's inventory of goods. If the auditor audited the rest of the financial statements and is reasonably sure that they conform with GAAP, then the auditor simply states that the financial statements are fairly presented, with the exception of the inventory which could not be audited.

The wording of the qualified report is very similar to the Unqualified opinion, but an explanatory paragraph is added to explain the reasons for the qualification after the scope paragraph but before the opinion paragraph. The introductory paragraph is left exactly the same as in the unqualified opinion, while

the scope and the opinion paragraphs receive a slight modification in line with the qualification in the explanatory paragraph. The scope paragraph is edited to include the following phrase in the first sentence, so that the user may be immediately aware of the qualification. This placement also informs the user that, except for the qualification, the rest of the audit was performed without qualifications: "Except as discussed in the following paragraph, we conducted our audit..." The opinion paragraph is also edited to include an additional phrase in the first sentence, so that the user is reminded that the auditor's opinion explicitly excludes the qualification expressed. Depending on the type of qualification, the phrase is edited to either state the qualification and the adjustments needed to correct it, or state the scope limitation and that adjustments could have but not necessarily been required in order to correct it. For a qualification arising from a deviation from GAAP, the following phrase is added to the opinion paragraph, using the depreciation example mentioned above: "In our opinion, except for the effects of the Company's incorrect determination of depreciation expense, the financial statement referred to in the first paragraph presents fairly, in all material respects, the financial position of" For a qualification arising from a scope of limitation, the following phrase is added to the opinion paragraph, using the inventory example mentioned above: "In our opinion, except for the effects of such adjustments, if any, as might have been determined to be necessary had we been able to perform proper tests and procedures on the Company's inventory, the financial statement referred to in the first paragraph presents fairly, in all material respects, the financial position of" Due to the phrases added to the scope and opinion paragraphs, many refer to this report as the Except-For Opinion.

Unqualified Opinion
An opinion is said to be unqualified when the Auditor concludes that the Financial Statements give a true and fair view in accordance with the financial reporting framework used for the preparation and presentation of the Financial Statements. An Auditor gives a Clean opinion or Unqualified Opinion when he or she does not have any significant reservation in respect of matters contained in the Financial Statements. The most frequent type of report is referred to as the "Unqualified Opinion", and is regarded by many as the equivalent of a "clean bill of health" to a patient, which has led many to call it the "Clean Opinion", but in reality it is not a clean bill of health, because the Auditor can only provide reasonable

assurance regarding the Financial Statements, not the health of the company itself, or the integrity of company records not part of the foundation of the Financial Statements. This type of report is issued by an auditor when the financial statements presented are free of material misstatements and are represented fairly in accordance with the Generally Accepted Accounting Principles (GAAP), which in other words means that the company's financial condition, position, and operations are fairly presented in the financial statements. It is the best type of report an auditee may receive from an external auditor. An Unqualified Opinion indicates the following (1) The Financial Statements have been prepared using the Generally Accepted Accounting Principles which have been consistently applied; (2) The Financial Statements comply with relevant statutory requirements and regulations; (3) There is adequate disclosure of all material matters relevant to the proper presentation of the financial information subject to statutory requirements, where applicable; (4) Any changes in the accounting principles or in the method of their application and the effects thereof have been properly determined and disclosed in the Financial Statements. The report consists of a title and header, a main body, the auditor's signature and address, and the report's issuance date. US auditing standards require that the title includes "independent" to convey to the user that the report was unbiased in all respects. Traditionally, the main body of the unqualified report consists of three main paragraphs, each with distinct standard wording and individual purpose, however certain auditors (including PricewaterhouseCoopers) have since modified the arrangement of the main body (but not the wording) in order to differentiate themselves from other audit firms, even though such modification is contrary to the clarified US AICPA standards on auditing. The first paragraph (commonly referred to as the introductory paragraph) states the audit work performed and identifies the responsibilities of the auditor and the auditee in relation to the financial statements. The second paragraph (commonly referred to as the scope paragraph) details the scope of audit work, provides a general description of the nature of the work, examples of procedures performed, and any limitations the audit faced based on the nature of the work. This paragraph also states that the audit was performed in accordance with the country's prevailing generally accepted auditing standards and regulations. The third paragraph (commonly referred to as the opinion paragraph) simply states the auditor's opinion on the financial statements and whether they are in accordance with generally accepted accounting principles. The following is an example of a standard unqualified auditor's report on financial statements as it is used in most countries, using the name ABC Company as an auditee's name. Note that this report is acceptable only for periods ending before December 15, 2012: INDEPENDENT AUDITOR'S REPORT Board of Directors, Stockholders, Owners, and/or Management of ABC Company, Inc. 123 Main St. Anytown, Any Country

We have audited the accompanying balance sheet of ABC Company, Inc. (the "Company") as of December 31, 20XX and the related statements of income, retained earnings, and cash flows for the year then ended. These financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in accordance with auditing standards generally accepted in (the country where the report is issued). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audit provides a reasonable basis for our opinion. In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of the Company as of December 31, 20XX, and the results of its operations and its cash flows for the year then ended in accordance with generally accepted accounting principals in (the country where the report is issued). AUDITOR'S SIGNATURE Auditor's name and address Date = Last day of any significant field work This date should not be dated earlier than when the auditor has sufficient audit evidence to support the opinion. For periods ending after December 15, 2012, the following is an example of a standard unqualified auditor's report on financial statements as it is used in most countries, using the name ABC Company, which was incorporated in California, as an auditee's name: INDEPENDENT AUDITOR'S REPORT Board of Directors, Stockholders, Owners, and/or Management of ABC Company, Inc. 123 Main St. Anytown, Any Country We have audited the accompanying financial statements of ABC Company, Inc. (a California corporation), which comprise the balance sheet as of December 31, 20XX, and the related statements of income, retained earnings, and cash flows for the year then ended, and the related notes to the financial statements. Management's Responsibility for the Financial Statements Management is responsible for the preparation and fair presentation of these consolidated financial statements in accordance with U.S. generally accepted accounting principles; this includes the design,

implementation, and maintenance of internal control relevant to the preparation and fair presentation of consolidated financial statements that are free from material misstatement, whether due to fraud or error. Auditor's Responsibility Our responsibility is to express an opinion on these consolidated financial statements based on our audit. We conducted our audit in accordance with U.S. generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the consolidated financial statements. The procedures selected depend on the auditors' judgment, including the assessment of the risks of material misstatement of the consolidated financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity's preparation and fair presentation of the consolidated financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity's internal control. Accordingly, we express no such opinion. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion. Opinion In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of ABC Company, Inc. as of December 31, 20XX, and the results of its operations and its cash flows for the year then ended in accordance with U.S. generally accepted accounting principles. AUDITOR'S SIGNATURE Auditor's name and address Date = Last day of any significant field work This date should not be dated earlier than when the auditor has sufficient audit evidence to support the opinion.

Opinion shopping
Opinion shopping is a term used by external auditors and, after the Enron and Arthur Andersen accounting scandals, the media and general public refer to auditees who contract or reject auditors based on the type of opinion report they will issue on the auditee. The underlying principles of this concept are that auditees determine the compensation to auditors for their work (called "audit fees") as well as awarding future audit engagements; that such fees are the auditor's main source of income; that certain auditees may try to contract auditors that will issue audit opinions based on the auditees' needs;

and that certain auditors are willing to comply with such demands so long as they are assured future audit engagements. The most common example is an auditee that knows that the current auditor is going to issue a qualified, adverse, or disclaimer of opinion report, who then rescinds the audit engagement before the opinion is issued, and subsequently "shops" for another auditor who is willing to issue an "unqualified" opinion, regardless of any qualifying situations mentioned in the previous sections. However, opinion shopping is not limited to auditees contracting auditors based on issuing opinions. It also includes auditors who are over-pleasing to auditees by issuing unqualified reports without properly auditing, or by simply overlooking material issues affecting the audit. These auditors' objective is to appear much more attractive and easy-going than other auditors in order to secure future audit engagements and fees. Experts agree that, although the great majority of auditors are not willing to jeopardize their profession and reputation for guaranteed audit fees, there are some that will issue opinions solely based on obtaining or maintaining audit engagements. This includes auditors who knowingly emit unmodified unqualified opinions for auditees who are engaged in illegal activities, auditees who have caused a material scope of limitation, auditees that have a lack of going concern, or auditees who present fraudulent financial statements (e.g. Enron and Arthur Andersen). This situation is a clear conflict of interest which should hinder an auditor's independence and the ability to audit (AICPA Code of Ethics), but some auditors willingly ignore this statute. Recent laws and industry standards have been implemented in order to correct this situation, which include the Sarbanes-Oxley Act and the AICPA's Peer Review Program.

AUD 4 (Evaluating Audit Findings, Communications, and Reporting) Questions

1. An auditor finds several errors in the financial statements that the client prefers not to correct. The auditor determines that the errors are not material in the aggregate. Which of the following actions by the auditor is most appropriate? A) Document the errors in the summary of uncorrected errors, and document the conclusion that the errors do not cause the financial statements to be misstated. B) Document the conclusion that the errors do not cause the financial statements to be misstated, but do not summarize uncorrected errors in the working papers. C) Summarize the uncorrected errors in the working papers, but do not document whether the errors cause the financial statements to be misstated. D) Do not summarize the uncorrected errors in the working papers, and do not document a conclusion about whether the uncorrected errors cause the financial statements to be misstated. 2. When applying analytical procedures during an audit, which of the following is the best approach for developing expectations? A) Considering unaudited account balances and ratios to calculate what adjusted balances should be. B) Identifying reasonable explanations for unexpected differences before talking to client management.

C) Considering the pattern of several unusual changes without trying to explain what caused them. D) Comparing client data with client-determined expected results to reduce detailed tests of account balances. 3. Which of the following statements is most accurate regarding sufficient and appropriate documentation? A) Accounting estimates are not considered sufficient and appropriate documentation. B) Sufficient and appropriate documentation should include evidence that the audit working papers have been reviewed. C) If additional evidence is required to document significant findings or issues, the original evidence is not considered sufficient and appropriate and therefore should be deleted from the working papers. D) Audit documentation is the property of the client, and sufficient and appropriate copies should be retained by the auditor for at least five years. 4.If not already performed during the overall review stage of the audit, the auditor should perform analytical procedures relating to which of the following transaction cycles? A) Payroll. B) Revenue. C) Purchasing. D) Inventory. 5. An entity's comparative financial statements include the financial statements of the prior year that were audited by a predecessor auditor whose report is not presented. If the predecessor's report was qualified, the successor should A) Issue an updated comparative audit report indicating the division of responsibility. B) Explain to the client that comparative financial statements may not be presented under these circumstances. C) Express an opinion only on the current year's financial statements and make no reference to the prior year's statements. D) Indicate the substantive reasons for the qualification in the predecessor auditor's opinion. 6. An auditor believes there is substantial doubt about an entity's ability to continue as a going concern for a reasonable period of time. In evaluating the entity's plans for dealing with the adverse effects of future conditions and events, the auditor most likely would consider, as a mitigating factor, the entity's plans to A) Purchase production facilities currently being leased from a third party. B) Postpone expenditures to upgrade its information technology system. C) Pay cash dividends that are in arrears to the preferred stockholders. D) Increase the useful lives of plant assets for depreciation purposes. 7. After issuing an auditor's report, an auditor becomes aware of facts that existed at the report date that would have affected the report had the auditor known of the facts at the time. What is the first thing the auditor should do?

A) Notify each member of the board of directors that the auditor's report may not be associated with the financial statements from this point forward. B) Issue revised financial statements and auditor's report describing the reason for the revision in a note to the financial statements. C) Determine whether there are persons currently relying on, or likely to rely on, the financial statements and whether those persons would attach importance to the information. D) Notify regulatory agencies having jurisdiction over the client that the auditor's report should not be relied upon from this point forward. 8. A primary objective of analytical procedures used in the final review stage of an audit is to A) Identify account balances that represent specific risks relevant to the audit. B) Gather evidence from tests of details to corroborate financial statement assertions. C) Detect fraud that may cause the financial statements to be misstated. D) Assist the auditor in evaluating the overall financial statement presentation. 9. Which of the following conditions or events most likely would cause an auditor to have substantial doubt about an entity's ability to continue as a going concern? A) Significant related party transactions are pervasive. B) Usual trade credit from suppliers is denied. C) Arrearages in preferred stock dividends are paid. D) Restrictions on the disposal of principal assets are present. 10. After considering management's plans, an auditor concludes that there is substantial doubt about a client's ability to continue as a going concern for a reasonable period of time. The auditor's responsibility includes A) Disclaiming an opinion on the financial statements due to the indications of possible financial difficulties. B) Indicating to the client's audit committee whether management's plans for dealing with the adverse effects of the financial difficulties can be effectively implemented. C) Considering the adequacy of disclosure about the client's possible inability to continue as a going concern. D) Issuing a qualified or adverse opinion, depending upon materiality, due to the possible effects on the financial statements. 11. Which of the following activities is an analytical procedure an auditor would perform in the final overall review stage of an audit to ensure that the financial statements are free from material misstatement? A) Reading the minutes of the board of directors' meetings for the year under audit. B) Obtaining a letter concerning potential liabilities from the clients attorney. C) Comparing the current years financial statements with those of the prior year. D) Ensuring that a representation letter signed by management is in the file.

12. After an audit report is issued, an auditor discovers that an important audit procedure was not performed. Which of the following procedures is acceptable in this situation? A) No further action is necessary if the audit report can still be supported. B) Let the current report stand and correct material errors on the next audit report. C) Immediately notify known users of the omitted audit procedure. D) Require that the client notify financial statements users of the omitted procedures. 13. Which of the following statements is true regarding analytical procedures in a review engagement? A) Analytical procedures are not required to be used as a substantive test. B) Analytical procedures do not involve comparisons of recorded amounts to expected amounts. C) Analytical procedures are required to be used in the final review stage. D) Analytical procedures involve the use of both financial and nonfinancial data. 14. A client decides not to make an auditor's proposed adjustments that collectively are not material and wants the auditor to issue the report based on the unadjusted numbers. Which of the following statements is correct regarding the financial statement presentation? A) The financial statements are free from material misstatement, and no disclosure is required in the notes to the financial statements. B) The financial statements do not conform with generally accepted accounting principles (GAAP). C) The financial statements contain unadjusted misstatements that should result in a qualified opinion. D) The financial statements are free from material misstatement, but disclosure of the proposed adjustments is required in the notes to the financial statements. 15. An auditor believes that there is substantial doubt about an entity's ability to continue as a going concern for a reasonable period of time. In evaluating the entity's plans for dealing with the adverse effects of future conditions and events, the auditor most likely would consider, as a mitigating factor, the entity's plans to A) Extend the due dates of existing loans. B) Operate at increased levels of production. C) Accelerate expenditures for research and development projects. D) Issue stock options to key executives. 16. For the fiscal year ending December 31, previous year and the current year, Justin Co. has net sales of $1,000,000 and $2,000,000; average gross receivables of $100,000 and $300,000; and allowance for uncollectible accounts receivable of $30,000 and $50,000, respectively. If the accounts receivable turnover and the ratio of allowance for uncollectible accounts receivable to gross accounts receivable are calculated, which of the following best represents the conclusions to be drawn? A) Accounts receivable turnovers are 10.0 and 6.6 and the ratios of uncollectible accounts receivable to gross accounts receivable are 0.30 and 0.16, respectively. Examine allowance for possible overstatement of the allowance. B) Accounts receivable turnovers are 10.0 and 6.6 and the ratios of uncollectible accounts receivable to gross accounts receivable are 0.30 and 0.16, respectively. Examine allowance for possible understatement

of the allowance. C) Accounts receivable turnovers are 14.3 and 8.0 and the ratios of uncollectible accounts receivable to gross accounts receivable is 0.42 and 0.20, respectively. Examine allowance for possible overstatement of the allowance. D) Accounts receivable turnovers are 14.3 and 8.0 and the ratios of uncollectible accounts receivable to gross accounts receivable are 0.42 and 0.20, respectively. Examine allowance for possible understatement of the allowance. 17. When a CPA examines a clients projected financial statements, the CPAs report should A) Explain the principal differences between historical and projected financial statements. B) State that the CPA performed procedures to evaluate managements assumptions. C) Refer to the CPAs auditors report on the historical financial statements. D) Include the CPAs opinion on the clients ability to continue as a going concern. 18. Which of the following matters would an auditor most likely communicate to an entitys audit committee? A) A list of negative trends that may lead to working capital deficiencies and adverse financial ratios. B) The level of responsibility assumed by management for the preparation of the financial statements. C) Difficulties encountered in achieving a satisfactory response rate from the entitys customers in confirming accounts receivables. D) The effects of significant accounting policies adopted by management in emerging areas for which there is no authoritative guidance. 19. When assessing control risk at below the maximum level, an auditor is required to document the auditor's understanding of the I. Entity's control activities that help ensure management directives are carried out. II. Entity's control environment factors that help the auditor plan the engagement. A) I only. B) II only. C) Both I and II. D) Neither I nor II. 20. The auditors report on internal controls and compliance with laws and regulations in accordance with Government Auditing Standards (the Yellow Book), is required to include I. The scope of the auditors testing of internal controls. II. Uncorrected misstatements that were determined by management to be immaterial. A) I only. B) II only. C) Both I and II. D) Neither I nor II.

21. An auditors analytical procedures performed during the overall review stage indicated that the clients accounts receivable had doubled since the end of the prior year. However, the allowance for doubtful accounts as a percentage of accounts receivable remained about the same. Which of the following client explanations most likely would satisfy the auditor? A) The client liberalized its credit standards in the current year and sold much more merchandise to customers with poor credit ratings. B) Twice as many accounts receivable were written off in the prior year than in the current year. C) A greater percentage of accounts receivable were currently listed in the more than 90 days overdue category than in the prior year. D) The client opened a second retail outlet in the current year and its credit sales approximately equaled the older, established outlet. 22. Which of the following circumstances most likely would cause an auditor to suspect that there are material misstatements in an entity's financial statements? A) The entity's management places no emphasis on meeting publicized earnings projections. B) Significant differences between the physical inventory count and the accounting records are not investigated. C) Monthly bank reconciliations ordinarily include several large outstanding checks. D) Cash transactions are electronically processed and recorded, leaving no paper audit trail. 23. In its annual report to shareholders, Lake Co. included a separate management report that contained an assertion about the effectiveness of its internal control over financial reporting. Lake's auditor is expressing an unqualified opinion on Lake's financial statements but has not been engaged to examine and report on this management assertion. What is the auditor's responsibility concerning such report? A) The auditor should add an explanatory paragraph to the report on the financial statements disclaiming an opinion on management's assertion. B) The auditor has no obligation to read the management report or to verify the accuracy or appropriateness of its contents. C) The auditor should request Lake to place the management report in its annual report where it will not be misinterpreted to be the auditor's assertion. D) The auditor should read the management report and consider whether it contains a material misstatement of fact. 24. Which of the following audit procedures most likely would assist an auditor in identifying conditions and events that may indicate substantial doubt about an entity's ability to continue as a going concern? A) Reading the minutes of meetings of the stockholders and the board of directors. B) Comparing the market value of property to amounts owed on the property. C) Reviewing lease agreements to determine whether leased assets should be capitalized. D) Inspecting title documents to verify whether any assets are pledged as collateral. 25. Analytical procedures performed in the final review stage of an audit generally would include A) Reassessing the factors that assisted the auditor in deciding on preliminary materiality levels and audit

risk. B) Considering the adequacy of the evidence gathered in response to unexpected balances identified in planning. C) Summarizing uncorrected misstatements specifically identified through tests of details of transactions and balances. D) Calculating projected uncorrected misstatements estimated through audit sampling techniques. 26. Which of the following circumstances most likely would cause an auditor to suspect that there are material misstatements in an entitys financial statements? A) Senior financial management participates in the selection of accounting principles and the determination of significant estimates. B) Supporting accounting records and files that should be readily available are not produced promptly when requested. C) Related party transactions take place in the ordinary course of business with an entity that is audited by another CPA firm. D) Senior management has an excessive interest in upgrading the entitys information technology capabilities. 27. Which of the following types of evidential matter generally is the most competent? A) Inquiries made of management. B) Confirmation of account information. C) Analytical procedures. D) Review of prior-year audit procedures. 28. An accountant is asked to issue a review report on the balance sheet, but not on other related statements. The scope of the inquiry and analytical procedures has not been restricted, but the client failed to provide a representation letter. Which of the following should the accountant issue under these circumstances? A) Review report with a qualification. B) Review report with a disclaimer. C) Review report and footnote exceptions. D) Compilation report with the client's consent. 29. An auditor believes that there is substantial doubt about an entity's ability to continue as a going concern for a reasonable period of time. In evaluating the entity's plans for dealing with the adverse effects of future conditions and events, the auditor most likely would consider, as a mitigating factor, the entity's plans to A) Repurchase the entity's stock at a price below its book value. B) Issue stock options to key executives. C) Lease rather than purchase operating facilities. D) Accelerate the due date of an existing mortgage.

30. Analytical procedures performed during an audit indicate that accounts receivable doubled since the end of the prior year. However, the allowance for doubtful accounts as a percentage of accounts receivable remained about the same. Which of the following client explanations would satisfy the auditor? A) A greater percentage of accounts receivable are listed in the more than 120 days overdue category than in the prior year. B) Internal control activities over the recording of cash receipts have been improved since the end of the prior year. C) The client opened a second retail outlet during the current year and its credit sales approximately equaled the older outlet. D) The client tightened its credit policy during the current year and sold considerably less merchandise to customers with poor credit ratings. 31.Which of the following procedures would yield the most competent evidence? A) A scanning of trial balances. B) An inquiry of client personnel. C) A comparison of beginning and ending retained earnings. D) A recalculation of bad debt expense. 32. Which of the following procedures most likely would assist an auditor in identifying conditions and events that may indicate substantial doubt about an entity's ability to continue as a going concern? A) Performing cutoff tests of sales transactions with customers with long-standing receivable balances. B) Evaluating the entity's procedures for identifying and recording related party transactions. C) Inspecting title documents to verify whether any real property is pledged as collateral. D) Inquiring of the entity's legal counsel about litigation, claims, and assessments. 33. An auditor most likely would apply analytical procedures in the overall review stage of an audit to A) Enhance the auditor's understanding of subsequent events. B) Identify auditing procedures omitted by the staff accountants. C) Determine whether additional audit evidence may be needed. D) Evaluate the effectiveness of the internal control activities. 34. At the conclusion of an audit, an auditor is reviewing the evidence gathered in support of the financial statements. With regard to the valuation of inventory, the auditor concludes that the evidence obtained is not sufficient to support managements representations. Which of the following actions is the auditor most likely to take? A) Consult with the audit committee and issue a disclaimer of opinion. B) Consult with the audit committee and issue a qualified opinion. C) Obtain additional evidence regarding the valuation of inventory. D) Obtain a statement from management supporting their inventory valuation. 35. An audit supervisor reviewed the work performed by the staff to determine if the audit was adequately performed. The supervisor accomplished this by primarily reviewing which of the following?

A) Checklists. B) Working papers. C) Analytical procedures. D) Financial statements. 36. An auditor reads the letter of transmittal accompanying a county's comprehensive annual financial report and identifies a material inconsistency with the financial statements. The auditor determines that the financial statements do not require revision. Which of the following actions should the auditor take? A) Request that the client revise the letter of transmittal. B) Include an explanatory paragraph in the auditor's report. C) Consider withdrawing from the engagement. D) Request a client representation letter acknowledging the inconsistency. 1.A 2.B 3.B 4.B 5.D 6.B 7.C 8.D 9.B 10.C 11.C 12.A 13.D 14.A 15.A 16.B 17.B 18.D 19.C 20.A 21.D 22.B 23.D 24.A 25.B 26.B 27.B 28.D 29.C 30.C 31.D 32.D 33.C 34.C 35.B 36.A

Auditing and Attestation 5: Accounting and Review Services Engagements AUD 5 (Accounting and Review Services Engagements) Questions
1. When qualifying an opinion because of an insufficiency of audit evidence, an auditor should refer to the situation in the Scopeparagraph, Notes to the financial statements A) Yes, Yes B) Yes, No C) No, Yes D) No, No 2. An accountant compiled the financial statements of a nonissuer in accordance with Statements on Standards for Accounting and Review Services (SSARS). If the accountant has an ownership interest in the entity, which of the following statements is correct?

A) The accountant should refuse the compilation engagement. B) A report need not be issued for a compilation of a nonissuer. C) The accountant should include the disclaimer "I am an owner of the entity" in the report. D) The accountant should include the statement "I am not independent with respect to the entity" in the compilation report. 3. Which of the following is correct about reporting on compliance with laws and regulations in a financial audit under Government Auditing Standards (the Yellow Book)? A) Auditors are not required to report fraud, illegal acts, and other material noncompliance in the audit report. B) In some circumstances, auditors are required to report fraud and illegal acts directly to parties external to the audited entity. C) The auditor's key findings of the audit of the financial statements should be communicated in a separate report. D) The reporting standards in a governmental audit modify the auditor's responsibilities under generally accepted auditing standards. 4. Reports are considered special reports when issued in conjunction with A) Interim financial information reviewed to determine whether material modifications should be made to conform with GAAP. B) Feasibility studies presented to illustrate an entity's results of operations. C) Compliance with aspects of regulatory requirements related to audited financial statements. D) Pro forma financial presentations designed to demonstrate the effects of hypothetical transactions. 5. Which of the following services, if any, may an accountant who is not independent provide? A) Compilations, but not reviews. B) Reviews, but not compilations. C) Both compilations and reviews. D) No services. 6. Which of the following situations would preclude an accountant from issuing a review report on a company's financial statements in accordance with Statements on Standards for Accounting and Review Services (SSARS)? A) The owner of a company is the accountant's father. B) The accountant was engaged to review only the balance sheet. C) Land has been recorded at appraisal value instead of historical cost. D) Finished-goods inventory does not include any overhead amounts. 7. Which of the following components is appropriate in a practitioner's report on the results of applying agreed-upon procedures? A) A list of the procedures performed, as agreed to by the specified parties identified in the report. B) A statement that management is responsible for expressing an opinion.

C) A title that includes the phrase "independent audit." D) A statement that the report is unrestricted in its use. 8. An auditor may report on condensed financial statements that are derived from a complete set of audited financial statements only if the auditor A) Expresses an unqualified opinion on the audited financial statements from which the condensed financial statements are derived. B) Indicates whether the information is fairly stated in all material respects in relation to the complete financial statements. C) Determines that the condensed financial statements include all the disclosures necessary for the complete set of financial statements. D) Presents the condensed financial statements in comparative form with the prior-year's condensed financial statements. 9. General Retailing, a nonissuer, has asked Ford, CPA, to compile its financial statements that omit substantially all disclosures required by GAAP. Ford may comply with General's request provided the omission is clearly indicated in Ford's report and the A) Distribution of the financial statements and Ford's report is restricted to internal use only. B) Reason for omitting the disclosures is acknowledged in the notes to the financial statements. C) Omitted disclosures would not influence any potential creditor's conclusions about General's financial position. D) Omission is not undertaken with the intention of misleading the users of General's financial statements. 10. When planning a review of an audit client's interim financial statements, which of the following procedures should the accountant perform to update the accountant's knowledge about the entity's business and its internal control? A) Perform analytical procedures on selected accounts by comparing the interim amounts to the amounts for the previous audited fiscal year end. B) Inquire of the entity's outside legal counsel about the status of any previous pending litigation and any new litigation involving the entity. C) Select a sample of material revenue transactions occurring during the interim period and examine supporting documentation. D) Consider the results of audit procedures performed with respect to the current-year's financial statements. 11. An accountant has been engaged to compile pro forma financial statements. During the accountant's acceptance procedures, it is discovered that the accountant is not independent with respect to the company. What action should the accountant take with regard to the compilation? A) The accountant should discuss the lack of independence with legal counsel to determine whether it is appropriate to accept the engagement. B) The accountant should disclose the lack of independence in the accountant's compilation report. C) The accountant should withdraw from the engagement.

D) The accountant should compile the pro forma financial statements but should not provide a compilation report. 12. In an accountant's review of interim financial information, the accountant typically performs each of the following, except A) Reading the available minutes of the latest stockholders' meeting. B) Applying financial ratios to the interim financial information. C) Inquiring of the accounting department's management. D) Obtaining corroborating external evidence. 13. A CPA is reporting on comparative financial statements of a nonissuer. The CPA audited the prioryear's financial statements and reviewed those of the current year in accordance with Statements on Standards for Accounting and Review Services (SSARS). The CPA has added a separate paragraph to the review report to describe the responsibility assumed for the prior-year's audited financial statements. This separate paragraph should indicate A) The type of opinion expressed previously. B) That the CPA did not update the assessment of control risk. C) The reasons for the change from an audit to a review. D) That the audit report should no longer be relied on. 14. A CPA started to audit the financial statements of a nonissuer. After completing certain audit procedures, the client requested the CPA to change the engagement to a review because of a scope limitation. The CPA concludes that there is reasonable justification for the change. Under these circumstances, the CPA's review report should include a A) Statement that a review is substantially less in scope than an audit. B) Reference to the scope limitation that caused the changed engagement. C) Description of the auditing procedures that were completed before the engagement was changed. D) Reference to the CPA's justification for agreeing to change the engagement. 15. Which of the following statements would not normally be included in a representation letter for a review of interim financial information? A) To the best of our knowledge and belief, no events have occurred subsequent to the balance sheet and through the date of this letter that would require adjustment to or disclosure in the interim financial information. B) We acknowledge our responsibility for the design and implementation of programs and controls to prevent and detect fraud. C) We understand that a review consists principally of performing analytical procedures and making inquiries about the interim financial information. D) We have made available to you all financial records and related data. 16. When performing a review of interim financial information, an accountant would typically do each of the following, except

A) Consider the results from the latest audit. B) Test controls related to the preparation of annual financial information. C) Perform analytical procedures. D) Make inquiries of management. 17. A CPA concludes that the unaudited financial statements on which the CPA is disclaiming an opinion are not in conformity with generally accepted accounting principles (GAAP) because management has failed to capitalize leases. The CPA suggests appropriate revisions to the financial statements, but management refuses to accept the CPA's suggestions. Under these circumstances, the CPA ordinarily would A) Express limited assurance that no other material modifications should be made to the financial statements. B) Restrict the distribution of the CPA's report to management and the entity's board of directors. C) Issue a qualified opinion or adverse opinion depending on the materiality of the departure from GAAP. D) Describe the nature of the departure from GAAP in the CPA's report and state the effects on the financial statements, if practicable. 18. Before reissuing a compilation report on the financial statements of a nonissuer for the prior year, the predecessor accountant is required to A) Obtain an updated management representation letter from the entity's management. B) Compare the prior year's financial statements with those of the current year. C) Review the successor accountant's working papers for matters affecting the prior year. D) Make inquiries of the entity's lawyers concerning continuing litigation. 19. When an accountant is not independent with respect to an entity, which of the following types of compilation reports may be issued? A) The standard compilation report may be issued, regardless of independence. B) A compilation report with negative assurance may be issued. C) A compilation report with special wording that notes the accountant's lack of independence may be issued. D) A compilation report may be issued if the engagement is upgraded to a review. 20. On March 1, Green, CPA, expressed an unqualified opinion on the financial statements of Ajax Co. On July 1, Green's internal inspection program discovered that engagement personnel failed to observe Ajax's physical inventory. Green believes that this omission impairs Green's ability to support the unqualified opinion. If Ajax's creditors are currently relying on Green's opinion, Green should first A) Request Ajax's management to communicate to its creditors that Green's opinion should not be relied on. B) Reissue Green's auditor's report with an explanatory paragraph describing the departure from GAAS. C) Undertake to apply the alternative procedures that would provide a satisfactory basis for Green's opinion. D) Advise Ajax's board of directors to disclose this development in its next interim report.

21. Which of the following statements is correct regarding a compilation report on financial statements issued in accordance with Statements on Standards for Accounting and Review Services (SSARS)? A) The report should not be issued if the accountant is not independent from the entity. B) The report should include a statement indicating that the information is the representation of the accountant. C) The report should include a description of other procedures performed during the compilation. D) The date on the report should be the date of completion of the compilation. 22. When issuing letters for underwriters, commonly referred to as comfort letters, an accountant may provide negative assurance concerning A) The absence of any significant deficiencies in internal control. B) The conformity of the entity's unaudited condensed interim financial information with generally accepted accounting principles (GAAP). C) The results of procedures performed in compiling the entity's financial forecast. D) The compliance of the entity's registration statement with the requirements of the Securities Act of 1933. 23. Which of the following statements would be appropriate in an accountant's report on compiled financial statements of a nonissuer prepared in accordance with Statements on Standards for Accounting and Review Services (SSARS)? A) We are not aware of any material modifications that should be made to the accompanying financial statements. B) A compilation is substantially less in scope than an audit in accordance with generally accepted auditing standards (GAAS). C) A compilation is limited to presenting in the form of financial statements information that is a representation of management. D) A compilation is performed to obtain reasonable assurance about whether the financial statements are free from material misstatement. 24. An auditor concludes that a substantive auditing procedure considered necessary during the prior years audit was omitted and there are persons currently relying on the auditors report. The auditor most likely would promptly apply the omitted procedure if A) Control risk was assessed at the maximum level for the relevant financial statement assertions. B) The auditors working papers will be subject to postissuance review in connection with a peer review program. C) The results of other procedures that were applied tend to compensate for the one omitted. D) The omission of the procedure impairs the auditors present ability to support the previously expressed opinion. 25. Under which of the following circumstances would an accountant most likely conclude that it is necessary to withdraw from an engagement to review a nonpublic entity's financial statements? A) The entity does not have reasonable justification for making a change in accounting principle.

B) The entity prepares its financial statements on the income tax basis of accounting. C) The entity requests the accountant to report only on the balance sheet, and not on the other financial statements. D) The entity declines to provide the accountant with a signed representation letter. 26. Comparative financial statements include the prior year's statements that were audited by a predecessor auditor whose report is not presented. If the predecessor's report was unqualified, the successor should A) Add an explanatory paragraph that expresses only limited assurance concerning the fair presentation of the prior year's financial statements. B) Express an opinion only on the current year's financial statements and make no reference to the prior year's financial statements. C) Indicate in the auditor's report that the predecessor auditor expressed an unqualified opinion on the prior year's financial statements. D) Obtain a letter of representations from the predecessor auditor concerning any matters that might affect the successor's opinion. 27. Restrictions imposed by a retail entity that is a new client prevent an auditor from observing any physical inventories. These inventories account for 40% of the entity's assets. Alternative auditing procedures cannot be applied due to the nature of the entity's records. Under these circumstances, the auditor should express a(an) A) Disclaimer of opinion. B) Qualified opinion. C) Adverse opinion. D) Unqualified opinion with an explanatory paragraph. 28. What is an auditor's responsibility for supplementary information, such as the disclosure of pension information, which is outside the basic financial statements but required by the GASB? A) The auditor should apply substantive tests of transactions to the supplementary information and verify its conformity with the GASB requirement. B) The auditor should apply certain limited procedures to the supplementary information and report deficiencies in, or omissions of, such information. C) The auditor's only responsibility for the supplementary information is to determine that such information has not been omitted. D) The auditor has no responsibility for such supplementary information as long as it is outside the basic financial statements. 29. If a client will not permit inquiry of outside legal counsel, the auditor's report ordinarily will contain a(an) A) Adverse opinion. B) Disclaimer of opinion.

C) Unqualified opinion with a separate explanatory paragraph. D) Qualified opinion. 30. An auditor is reporting on condensed financial statements for an annual period that are derived from the audited financial statements of a publicly-held entity. The auditor's opinion should indicate whether the information in the condensed financial statements is fairly stated in all material respects A) In conformity with accounting principles generally accepted in the United States of America. B) In relation to the complete financial statements. C) In conformity with an other comprehensive basis of accounting. D) In relation to supplementary filings under federal security statutes 31. Which of the following statements is correct concerning an auditor's responsibility to report fraud? A) The auditor is required to communicate to the client's audit committee all minor fraudulent acts perpetrated by low-level employees, even if the amounts involved are inconsequential. B) The disclosure of material management fraud to principal stockholders is required when both senior management and the board of directors fail to acknowledge the fraudulent activities. C) Fraudulent activities involving senior management of which the auditor becomes aware should be reported directly to the SEC. D) The disclosure of fraudulent activities to parties other than the client's senior management and its audit committee is not ordinarily part of the auditor's responsibility. 32. An accountant's standard report on a compilation of a projection should not include a statement that A) There will usually be differences between the forecasted and actual results. B) The hypothetical assumptions used in the projection are reasonable in the circumstances. C) The accountant has no responsibility to update the report for future events and circumstances. D) The compilation of a projection is limited in scope. 33. Which of the following events occurring after the issuance of an auditor's report most likely would cause the auditor to make further inquiries about the previously issued financial statements? A) A lawsuit is resolved that is explained in a separate paragraph of the prior-year's auditor's report. B) New information is discovered concerning undisclosed related party transactions of the prior year. C) A technological development occurs that affects the entity's ability to continue as a going concern. D) The entity sells a subsidiary that accounts for 35% of the entity's consolidated sales. 34. On February 9, Brown, CPA, expressed an unqualified opinion on the financial statements of Web Co. On October 9, during a peer review of Brown's practice, the reviewer informed Brown that engagement personnel failed to perform a search for subsequent events for the Web engagement. Brown should first A) Request Web's permission to perform substantive procedures that would provide a satisfactory basis for the opinion. B) Inquire of Web whether there are persons currently relying, or likely to rely, on the financial statements. C) Take no additional action because subsequent events have no effect on the financial statements that

were reported on. D) Assess the importance of the omitted procedures to Brown's present ability to support the opinion. 35. An accountant has been asked to issue a review report on the balance sheet of a nonpublic entity without reporting on the related statements of income, retained earnings, and cash flows. The accountant may issue the requested review report only if A) The balance sheet is not to be used to obtain credit or distributed to the entity's creditors. B) The balance sheet is part of a comprehensive personal financial plan developed to assist the entity. C) There have been no material changes during the year in the entity's accounting principles. D) The scope of the accountant's inquiry and analytical procedures has not been restricted. 36. When a CPA reports on audited financial statements prepared on the cash receipts and disbursements basis of accounting, the report should A) Explain why this basis of accounting is more useful for the readers of this entity's financial statements than GAAP. B) Refer to the note in the financial statements that describes management's responsibility for the financial statements. C) State that the basis of presentation is a comprehensive basis of accounting (OCBOA) other than GAAP. D) Include a separate explanatory paragraph that discusses the justification for, and the CPA's concurrence with, the departure from GAAP. 37. The GAO standards of reporting for governmental financial audits incorporate the AICPA standards of reporting and prescribe supplemental standards to satisfy the unique needs of governmental audits. Which of the following is a supplemental reporting standard for governmental financial audits? A) Auditors should report the scope of their testing of compliance with laws and regulations and of internal controls. B) Material indications of illegal acts should be reported in a document distributed only to the entity's senior officials. C) All changes in the audit program from the prior year should be reported to the entity's audit committee. D) Any privileged or confidential information discovered should be reported to the organization that arranged for the audit. 38. When an auditor has substantial doubt about an entity's ability to continue as a going concern because of the probable discontinuance of operations, the auditor most likely would express a qualified opinion if A) The effects of the adverse financial conditions likely will cause a bankruptcy filing. B) Information about the entity's ability to continue as a going concern is not disclosed. C) Management has no plans to reduce or delay future expenditures. D) Negative trends and recurring operating losses appear to be irreversible 39. A practitioner's report on agreed-upon procedures that is in the form of procedures and findings should contain

A) Negative assurance that the procedures did not necessarily disclose all reportable conditions. B) An acknowledgment of the practitioner's responsibility for the sufficiency of the procedures. C) A statement of restrictions on the use of the report. D) A disclaimer of opinion on the entity's financial statements. 40. An auditor concludes that there is a material inconsistency in the other information in an annual report to shareholders containing audited financial statements. The auditor believes that the financial statements do not require revision, but the client is unwilling to revise or eliminate the material inconsistency in the other information. Under these circumstances, what action would the auditor most likely take? A) Consider the situation closed because the other information is not in the audited financial statements. B) Issue an except for qualified opinion after discussing the matter with the client's audit committee. C) Disclaim an opinion on the financial statements after explaining the material inconsistency in a separate explanatory paragraph. D) Revise the auditor's report to include a separate explanatory paragraph describing the material inconsistency. 41. When an accountant compiles a financial forecast, the accountant's report should include a(an) A) Explanation of the differences between a financial forecast and a financial projection. B) Caveat that the prospective results of the financial forecast may not be achieved. C) Statement that the accountant's responsibility to update the report is limited to one year. D) Disclaimer of opinion on the reliability of the entity's internal controls. 42. An accountant's standard report issued after compiling the financial statements of a nonpublic entity should state that A) I am not aware of any material modifications that should be made to the accompanying financial statements. B) A compilation consists principally of inquiries of company personnel and analytical procedures. C) A compilation is limited to presenting in the form of financial statements information that is the representation of management. D) A compilation is substantially less in scope than an audit in accordance with GAAS, the objective of which is the expression of an opinion. 43.A CPA's standard report on audited financial statements would be inappropriate if it referred to A) Management's responsibility for the financial statements. B) An assessment of the entity's accounting principles. C) Significant estimates made by management. D) The CPA's assessment of sampling risk factors. 44. An enterprise engaged a CPA to audit its financial statements in accordance with Government Auditing Standards (the Yellow Book) because of the provisions of government grant funding agreements. Under these circumstances, the CPA is required to report on the enterprise's internal controls either in the report on the financial statements or in

A) The report on the performance audit. B) The notes to the financial statements. C) A letter to the government funding agency. D) A separate report. 45. An auditor determines that the entity is presenting certain supplementary financial disclosures of pension information that are required by the GASB. Under these circumstances, the auditor should A) Add an explanatory paragraph to the auditor's report that refers to the required supplementary information. B) State that the audit is not being performed in accordance with generally accepted auditing standards. C) Document in the working papers that the required supplementary information is presented, but should not apply any procedures to the information. D) Compare the required supplementary information for consistency with the audited financial statements. 46. Comfort letters ordinarily are: Adressed to the client's, Signed by the client's A) Audit committee, Independent auditor B) Underwriter of securities, Senior management C) Audit committee, Senior management D) Underwriter of securities, Independent auditor 47. Under which of the following circumstances would an auditor's expression of an unqualified opinion be inappropriate? A) The auditor is unable to obtain the audited financial statements of a significant subsidiary. B) The financial statements are prepared on the entity's income tax basis. C) There are significant deficiencies in the design and operation of the entity's internal control. D) Analytical procedures indicate that many year-end account balances are not comparable with the prior year's balances. 48. The standard report issued by an accountant after reviewing the financial statements of a nonpublic entity should state that A) A review is limited to presenting in the form of financial statements information that is the representation of management. B) A review consists of inquiries of company personnel and analytical procedures applied to financial data. C) The accountant does not express an opinion or any other form of assurance on the financial statements. D) The accountant did not obtain an understanding of the entity's internal control or assess control risk. 49. When an accountant compiles projected financial statements, the accountant's report should include a separate paragraph that A) Explains the difference between a compilation and a review. B) Documents the assessment of the risk of material misstatement due to fraud.

C) Expresses limited assurance that the actual results may be within the projected range. D) Describes the limitations on the projection's usefulness. 50. While auditing the financial statements of a nonpublic entity, a CPA was requested to change the engagement to a review in accordance with Statements on Standards for Accounting and Review Services (SSARS) because of a scope limitation. If the CPA believes the client's request is reasonable, the CPA's review report should I. Refer to the scope limitation that caused the change. II. Describe the auditing procedures that have already been applied. A) I only. B) II only. C) Both I and II. D) Neither I nor II. 51. Reporting standards for financial audits under Government Auditing Standards (the Yellow Book) differ from reporting under generally accepted auditing standards in that Government Auditing Standards require the auditor to A) Provide positive assurance that control activities regarding segregation of duties are consistent with the entity's control objectives. B) Present the results of the auditor's tests of controls. C) Provide negative assurance that the auditor discovered no evidence of intentional override of internal controls. D) Describe the scope of the auditor's principal substantive tests. 1.B 2.D 3.B 4.C 5.A 6.A 7.A 8.B 9.D 10.D 11.B 12.D 13.A 14.A 15.C 16.B 17.D 18.B 19.C 20.C 21.D 22.B 23.C 24.D 25.D 26.C 27.A 28.B 29.B 30.B 31.D 32.B 33.B 34.D 35.D 36.C 37.A 38.B 39.C 40.D 41.B 42.C 43.D 44.D 45.D 46.D 47.A 48.B 49.D 50.D 51.B

Auditing and Attestation 6: Professional Responsibilities AICPA Code of Professional Conduct

The AICPA Code of Professional Conduct is a collection of codified statements issued by the American Institute of Certified Public Accountants that outline a CPA's ethical and professional responsibilities. The code establishes standards for auditor independence, integrity and objectivity, responsibilities to clients and colleagues and acts discreditable to the accounting profession. The AICPA is responsible for drafting, revising and reissuing the code annually, on June 1. Notable Sections Section 51 - Preamble The openeing principle of the code is that membership, and therefore adherence, to the code is voluntary. This means that an accountant is never under a legal responsibility to adhere to the code, and can renounce the code and membership in the AICPA at any time. Section 101 - Independence Section 101 sets forth the various requirements to establish auditor independence and conditions that nullify it. Knowingly allowing a member who is not independent to continue to work on an engagement can result in disciplinary action from the AICPA, including possible revocation of the members status as a CPA. Generally, the following actions will impair auditor independence:

Authorizing, executing or consummating a transaction, or otherwise exercising authority on behalf of a client or having the authority to do so. Preparing source documents, in electronic or other form, evidencing the occurrence of a transaction. Having custody of client assets. Supervising client employees in the performance of their normal recurring activities. Determining which recommendations of the member should be implemented. Reporting to the board of directors on behalf of management. Serving as a client's stock transfer or escrow agent, registrar, general counsel or its equivalent. Establishing or maintaining internal controls, including performing ongoing monitoring activities.

Auditor independence is impaired if a member on the engagement team has a direct or material indirect financial interest in the client. Member's on the engagement team are not allowed to be on the board of trustees of a trust that owns, or has committed to owning more than 10% of the client's equity. A member or any of their immediate family are not allowed to own more than 5% of the clients equity. For the period being audited, the auditor is not allowed to operate as an officer, director, manager, promoter, underwriter or voting trustee for the client. If a member leaves the auditing firm and is employed by the client, the entire firms independence is deemed to be impaired. If an audit member is made a job offer by the client and does not immediately report and remove themselves from the engagement, their independence is impaired. However if the member does report the job offer and rejects it, and is no longer being considered for a position with the client, than their independence is not impaired. When the auditing member has a previous employment relationship with the client, barring certain exceptions, the auditor is required to liquidate any employee welfare programs that they have vested

benefits in and collect or pay any loans outstanding to the client. The immediate family of the auditor is considered part of the test for impairment of independence. The exception to this is that the immediate family members of auditors are allowed to work for the client in non-management roles. If the auditor provides non-attest services such as tax support or consulting, they are required to adhere to the independence requirements of other regulatory bodies that govern those services. Failure to do so will impair their independence for their audit engagement as well.

Due diligence
"Due diligence" is a term used for a number of concepts, involving either an investigation of a business or person prior to signing a contract, or an act with a certain standard of care. It can be a legal obligation, but the term will more commonly apply to voluntary investigations. A common example of due diligence in various industries is the process through which a potential acquirer evaluates a target company or its assets for an acquisition. The term "due diligence" first came into common use as a result of the United States' Securities Act of 1933. This Act included a defense at Section 11, referred to as the "Due Diligence" defense, which could be used by broker-dealers when accused of inadequate disclosure to investors of material information with respect to the purchase of securities. As long as broker-dealers exercised "due diligence" in their investigation into the company whose equity they were selling, and disclosed to the investor what they found, they would not be held liable for non-disclosure of information that was not discovered in the process of that investigation. The broker-dealer community quickly institutionalized, as a standard practice, the conducting of due diligence investigations of any stock offerings in which they involved themselves. Originally the term was limited to public offerings of equity investments, but over time it has come to be associated with investigations of private mergers and acquisitions as well. The term has slowly been adapted for use in other situations. Business transactions and corporate finance Due diligence can be defined as: 1. The examination of a potential target for merger, acquisition, privatization, or similar corporate finance transaction normally by a buyer. 2. A reasonable investigation focusing on material future matters. 3. An examination being achieved by asking certain key questions, including, how do we buy, how do we structure the acquisition, and how much do we pay? 4. An investigation on the current practices of process and policies. 5. An examination aiming to make an acquisition decision via the principles of valuation and shareholder value analysis.

The due diligence process (framework) can be divided into nine distinct areas: 1. 2. 3. 4. 5. 6. 7. 8. 9. Compatibility audit. Financial audit. Macro-environment audit. Legal/environmental audit. Marketing audit. Production audit. Management audit. Information systems audit. Reconciliation audit.

It is essential that the concepts of valuations (shareholder value analysis) be linked into a due diligence process. This is in order to reduce the number of failed mergers and acquisitions. In this regard, two new audit areas have been incorporated into the Due Diligence framework:

the Compatibility Audit which deals with the strategic components of the transaction and in particular the need to add shareholder value and the Reconciliation audit, which links/consolidates other audit areas together via a formal valuation in order to test whether shareholder value will be added.

In business transactions, the due diligence process varies for different types of companies. The relevant areas of concern may include the financial, legal, labor, tax, IT, environment and market/commercial situation of the company. Other areas include intellectual property, real and personal property, insurance and liability coverage, debt instrument review, employee benefits and labor matters, immigration, and international transactions.

PCAOB
The PCAOB has five members, including a chairman, each of whom is appointed by the U.S. Securities and Exchange Commission (SEC). Precisely two members of the PCAOB must be or have been a Certified Public Accountant. However, if the chairman of the PCAOB is one of those two members, he or she may not have been a practicing certified public accountant for at least five years prior to being appointed to the Board. Each member serves full-time, for staggered five-year terms. As of 2009, the salary of the PCAOB's chairman is $672,676 per year, while the salaries of other board members are $546,891 annually. The Board's annual budget of approximately $180 million, which must be approved by the SEC each year, is funded by fees paid by U.S. securities issuers. The organization has a staff of over 600, and its headquarters is in Washington, D.C. The PCAOB's first chairman was the former New York Federal Reserve president, William J. McDonough. The Board's immediate past Chairman is Mark W. Olson, a former Federal Reserve Board

governor. The PCAOB's current Chairman is James R. Doty. PCAOB powers Under Section 101 of the Sarbanes-Oxley Act, the PCAOB has the power to:

register public accounting firms that prepare audit reports for issuers; set auditing, quality control, ethics, independence and other standards relating to the preparation of audit reports by issuers; conduct inspections of registered public accounting firms; conduct investigations and disciplinary proceedings concerning, and impose appropriate sanctions where justified upon, registered public accounting firms and associated persons of such firms (including fines of up to $100,000 against individual auditors, and $2 million against audit firms); perform such other duties or functions as the Board (or the SEC) determines are necessary or appropriate to promote high professional standards among, and improve the quality of audit services offered by, registered public accounting firms and their employees; sue and be sued, complain and defend, in its corporate name and through its own counsel, with the approval of the SEC, in any Federal, State or other court; conduct its operations, maintain offices, and exercise all of its rights and powers in any part of the United States, without regard to any qualification, licensing or other provision of State or municipal law; hire staff, accountants, attorneys and other agents as may be necessary or appropriate to the PCAOB's mission (with salaries set at a level comparable to private sector self-regulatory, accounting, technical, supervisory, or other staff or management positions); allocate, assess, and collect accounting support fees that fund the board; and enter into contracts, execute instruments, incur liabilities, and do any and all other acts and things necessary, appropriate, or incidental to the conduct of its operations and the exercise of its powers under the Sarbanes-Oxley Act.

Part of the PCAOB's power to set rules of the auditing industry includes the power to regulate the nonaudit services that audit firms may offer their audit clients (such as consulting or tax services). This power was given to the PCAOB as a result of allegations, in cases such as Enron and Worldcom, that auditors' independence from their clients' managers had been compromised because of the large fees that audit firms were earning from these ancillary services. In addition, as part of the PCAOB's investigative powers, the Board is empowered to require that audit firms, or any person associated with an audit firm, provide testimony or documents in its (or his or her) possession. If the firm or person refuses to provide this testimony or these documents, the PCAOB may suspend or debar that person or entity from the public audit industry. The PCAOB may also seek the SEC's assistance in issuing subpoenas for testimony or documents from individuals or entities not registered with the PCAOB. Under Section 103 of the Sarbanes-Oxley Act of 2002, PCAOB was to establish auditing and related attestation, quality control, ethics, and independence standards and rules to be used by registered public accounting firms in the preparation and issuance of audit reports as required by the Act or the rules of the

Securities and Exchange Commission. The Boards Office of the Chief Auditor advises the Board on the establishment of such auditing and related professional practice standards. As of 2011, PCAOB has issued fifteen broad Auditing Standards. Government oversight of the PCAOB Each of these powers is subject to approval and oversight by the Securities and Exchange Commission. Individuals and audit firms subject to PCAOB oversight may appeal PCAOB decisions (including any disciplinary actions) to the SEC and the SEC has the power to modify or overturn PCAOB rules. The PCAOB is subject to SEC inspections and enforcement and the Sarbanes-Oxley Act gives the SEC the power to censure or remove PCAOB members for cause. Inspection Reports PCAOB periodically issue Inspection Reports of registered public accounting firms. While a large part of such reports are made public, portions of an inspection report that deal with criticisms of, or potential defects in, the firm's quality control systems are not made public if the firm addresses those matters to the Board's satisfaction within 12 months after the report date. Those portions are made public, however, if (1) the Board determines that a firm's efforts to address the criticisms or potential defects were not satisfactory, or (2) the firm makes no submission evidencing any such efforts. Public Registered Accounting Firms Per Section 102 of Sarbanes Oxley Act, accounting firms that intend to perform public audits on U.S. public companies have to register with PCAOB. Section 106(a) of the Act provides that any non-U.S. public accounting firm that prepares or furnishes an audit report with respect to any U.S. public company is subject to the Board's rules to the same extent as a U.S. public accounting firm. As of April 2009, there are close to two thousand registered firms.

SarbanesOxley Act
The SarbanesOxley Act of 2002 (enacted July 30, 2002), also known as the 'Public Company Accounting Reform and Investor Protection Act' and more commonly called Sarbanes Oxley, Sarbox or SOX, is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms. It is named after sponsors U.S. Senator Paul Sarbanes and U.S. Representative Michael G. Oxley. As a result of SOX, top management must now individually certify the accuracy of financial information. In addition, penalties for fraudulent financial activity are much more severe. Also, SOX increased the independence of the outside auditors who review the accuracy of corporate financial statements, and increased the oversight role of boards of directors.The act contains 11 titles, or sections, ranging from additional corporate board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the law. The bill was enacted as a reaction to a number of major corporate and accounting scandals including those affecting Enron, Tyco International, Adelphia, Peregrine Systems and WorldCom. These scandals, which cost investors billions of dollars when the share prices of affected companies collapsed, shook public confidence in the nation's securities markets. Debate continues over the perceived benefits and costs of SOX. Opponents of the bill claim it has reduced

America's international competitive edge against foreign financial service providers, saying SOX has introduced an overly complex regulatory environment into U.S. financial markets. Proponents of the measure say that SOX has been a "godsend" for improving the confidence of fund managers and other investors with regard to the veracity of corporate financial statements. Insummary, the titles of the act are as follows: 1. Public Company Accounting Oversight Board (PCAOB) Title I consists of nine sections and establishes the Public Company Accounting Oversight Board, to provide independent oversight of public accounting firms providing audit services ("auditors"). It also creates a central oversight board tasked with registering auditors, defining the specific processes and procedures for compliance audits, inspecting and policing conduct and quality control, and enforcing compliance with the specific mandates of SOX. 2. Auditor Independence Title II consists of nine sections and establishes standards for external auditor independence, to limit conflicts of interest. It also addresses new auditor approval requirements, audit partner rotation, and auditor reporting requirements. It restricts auditing companies from providing nonaudit services (e.g., consulting) for the same clients. 3. Corporate Responsibility Title III consists of eight sections and mandates that senior executives take individual responsibility for the accuracy and completeness of corporate financial reports. It defines the interaction of external auditors and corporate audit committees, and specifies the responsibility of corporate officers for the accuracy and validity of corporate financial reports. It enumerates specific limits on the behaviors of corporate officers and describes specific forfeitures of benefits and civil penalties for non-compliance. For example, Section 302 requires that the company's "principal officers" (typically the Chief Executive Officer and Chief Financial Officer) certify and approve the integrity of their company financial reports quarterly. 4. Enhanced Financial Disclosures Title IV consists of nine sections. It describes enhanced reporting requirements for financial transactions, including off-balance-sheet transactions, pro-forma figures and stock transactions of corporate officers. It requires internal controls for assuring the accuracy of financial reports and disclosures, and mandates both audits and reports on those controls. It also requires timely reporting of material changes in financial condition and specific enhanced reviews by the SEC or its agents of corporate reports. 5. Analyst Conflicts of Interest

Title V consists of only one section, which includes measures designed to help restore investor confidence in the reporting of securities analysts. It defines the codes of conduct for securities analysts and requires disclosure of knowable conflicts of interest. 6. Commission Resources and Authority Title VI consists of four sections and defines practices to restore investor confidence in securities analysts. It also defines the SEC's authority to censure or bar securities professionals from practice and defines conditions under which a person can be barred from practicing as a broker, advisor, or dealer. 7. Studies and Reports Title VII consists of five sections and requires the Comptroller General and the SEC to perform various studies and report their findings. Studies and reports include the effects of consolidation of public accounting firms, the role of credit rating agencies in the operation of securities markets, securities violations and enforcement actions, and whether investment banks assisted Enron, Global Crossing and others to manipulate earnings and obfuscate true financial conditions. 8. Corporate and Criminal Fraud Accountability Title VIII consists of seven sections and is also referred to as the "Corporate and Criminal Fraud Accountability Act of 2002". It describes specific criminal penalties for manipulation, destruction or alteration of financial records or other interference with investigations, while providing certain protections for whistle-blowers. 9. White Collar Crime Penalty Enhancement Title IX consists of six sections. This section is also called the "White Collar Crime Penalty Enhancement Act of 2002." This section increases the criminal penalties associated with whitecollar crimes and conspiracies. It recommends stronger sentencing guidelines and specifically adds failure to certify corporate financial reports as a criminal offense. 10. Corporate Tax Returns Title X consists of one section. Section 1001 states that the Chief Executive Officer should sign the company tax return. 11. Corporate Fraud Accountability Title XI consists of seven sections. Section 1101 recommends a name for this title as "Corporate Fraud Accountability Act of 2002". It identifies corporate fraud and records tampering as criminal

offenses and joins those offenses to specific penalties. It also revises sentencing guidelines and strengthens their penalties. This enables the SEC to resort to temporarily freezing transactions or payments that have been deemed "large" or "unusual".

U. S. Securities and Exchange Commission (SEC)

The Securities and Exchange Commision (SEC) was established by the United States Congress [23] in 1934 as an independent, quasi-judicial [24] regulatory agency [25] during the Great Depression [26] that followed the Crash of 1929 [27]. The main reason for the creation of the SEC was to regulate the stock market [28] and prevent corporate abuses [29] relating to the offering and sale of securities and corporate reporting. The SEC was given the power to license and regulate stock exchanges, the companies whose securities traded on them, and the brokers and dealers who conducted the trading. Currently, the SEC is responsible for administering seven major laws that govern the securities industry. They are: the Securities Act of 1933, the Securities Exchange Act of 1934, the Trust Indenture Act of 1939, the Investment Company Act of 1940, the Investment Advisers Act of 1940, the Sarbanes-Oxley Act of 2002and most recently, the Credit Rating Agency Reform Act of 2006. The enforcement authority given by Congress allows the SEC to bring civil enforcement actions against individuals or companies alleged to have committed accounting fraud, provided false information, or engaged in insider trading or other violations of the securities law. The SEC also works with criminal law enforcement agencies to prosecute individuals and companies alike for offenses which include a criminal violation. To achieve its mandate, the SEC enforces the statutory requirement that public companies submit quarterly and annual reports, as well as other periodic reports. In addition to annual financial reports, company executives must provide a narrative account, called the "management discussion and analysis" (MD&A), that outlines the previous year of operations and explains how the company fared in that time period. Management will usually also touch on the upcoming year, outlining future goals and approaches to new projects. In an attempt to level the playing field for all investors, the SEC maintains an online database called EDGAR (the Electronic Data Gathering, Analysis, and Retrieval system) online from which investors can access this and other information filed with the agency. Quarterly and annual reports from public companies are crucial for investors to make sound decisions when investing in the capital markets. Unlike banking, investment in the capital markets is not guaranteed by the federal government. The potential for big gains needs to be weighed against equally likely losses. Mandatory disclosure of financial and other information about the issuer and the security itself gives private individuals as well as large institutions the same basic facts about the public companies they invest in, thereby increasing public scrutiny while reducing insider trading and fraud. The SEC makes reports available to the public via the EDGAR system. SEC also offers publications on investment-related topics for public education. The same online system also takes tips and complaints from investors to help the SEC track down violators of the securities laws. The SEC adheres to a strict policy that it never comments on the existence or status of an ongoing investigation.

AUD 6 (Professional Responsibilities) Questions

1. A company hires one of its board members, a CPA, to issue accounting reports for the company. Assuming any required disclosures are made, which of the following reports may the CPA issue without violating independence rules? A) Compilations. B) Reviews. C) Audits. D) Agreed-upon procedures. 2. A CPA purchased stock in a client corporation and placed it in a trust as an educational fund for the CPA's minor child. The trust securities are not material to the CPA's wealth but are material to the child's personal net worth. According to the AICPA Code of Professional Conduct, would this action impair the CPA's independence with the client? A) No, because the CPA would not have a direct financial interest in the client. B) Yes, because the stock would be a direct financial interest and materiality is a factor. C) Yes, because the stock would be an indirect financial interest and materiality is not a factor. D) Yes, because the stock would be a direct financial interest and materiality is not a factor. 3. According to the AICPA Code of Professional Conduct, which of the following actions by a CPA most likely involves an act discreditable to the profession? A) Refusing to provide the client with copies of the CPA's workpapers. B) Auditing financial statements according to governmental standards despite the client's preferences. C) Accepting a commission from a nonattest function client. D) Retaining client records after the client demands their return. 4. According to the SEC, an auditor is not independent of its issuer audit client in which of the following situations? A) The auditor's cousin has an insurance policy obtained from the issuer before it became an audit client. B) The auditor has an automobile loan at standard terms from the audit client that is collateralized by the automobile. C) The auditor has an investment in an entity that has the ability to exercise significant influence over the audit client. D) The auditor's grandparent was in an accounting role at the audit client and ended employment before the period under audit began. 5. A CPA audits the financial statements of a client. The CPA has also been asked to perform bookkeeping functions for the client. Under the AICPA Code of Professional Conduct, which of the following activities would impair the CPA's independence with respect to the client? A) The CPA records transactions in accordance with classifications determined by management. B) The CPA prepares financial statements from a trial balance provided by management.

C) The CPA posts adjusting journal entries prepared by management to the trial balance. D) The CPA authorizes client transactions and reports them to management. 6. Which of the following is a correct statement regarding the nature and timing of communications between an accounting firm performing an initial audit of an issuer and the issuer's audit committee? A) Prior to accepting the engagement, the firm must orally affirm its independence to the audit committee with all members present. B) The firm must address all independence impairment issues on the date of the audit opinion. C) Communications related to independence may occur in any form prior to issuance of the financial statements. D) Prior to accepting the engagement, the firm should describe in writing all relationships that, as of the date of the communication, may reasonably be thought to bear on independence. 7. A person identified as an audit committee financial expert of an issuer generally must have acquired the attributes of a financial expert through any of the following experiences, except A) As a principal financial officer, principal accounting officer, controller, public accountant, or auditor. B) Serving on at least one other issuer's audit committee or disclosure committee of the board of directors. C) Actively supervising a principal financial officer or principal accounting officer. D) Assessing the performance of public accountants with respect to preparation, auditing, or evaluation of financial statements. 8. An issuer may hire an employee of a registered public accounting firm who served on the audit engagement team within the previous year for which of the following positions? A) Controller. B) CFO. C) CEO. D) Staff accountant. 1.A 2.D 3.D 4.C 5.D 6.D 7.B 8.D