Professional Documents
Culture Documents
19-31.
a.
b.
Independent auditors use a management letter to call to management's attention matters that the auditor
has noted during the course of the audit engagement but which did not fall within the scope of the
opinion. The management letter provides an excellent vehicle for suggesting services that can assist the
business in improving organizational performance. A management letter is rendered as a constructive
service to suggest improvements as well as point out deficiencies.
Many types of information can be covered in a management letter. The major, broad areas which are
presented and discussed in the management letter include:
Suggestions for modifying and improving a client's internal controls.
Recommendations for changes and improvements in accounting systems to better
meet management's information needs.
Suggestions for improving the management of resources such as cash, inventories,
and investments.
Comments regarding tax related matters.
A detailed example of a suggestion for improving business practices follows:
We understand that your accounting system offers discounts to customers who purchase in significant
volumes. The program that grants these volume discounts as it prices a sales invoice does so after
important information on gross margins has been reported to department managers. While sales
invoices and underlying accounting information is correct, it does not agree with management
information that is provided to sales managers as they make pricing decisions. As soon as possible you
need to change the program that calculates the sales discounts so that gross margins and other
information used by sales management includes the volume discounts offered customers.
(Answer updated from original ICMA answer.)
a.
19-32.
1.
2.
3.
4.
5.
6.
7.
8.
The date field work is completed is not specifically given. This answer is based on the customary
practice of dating the audit report as of the end of field work (i.e., February 26).
b.
For categories (1) and (2) the auditor has the responsibility for identifying and evaluating subsequent
events up to the date of the auditor's report. In discharging this responsibility, the auditor should be
alert for subsequent events in performing substantive tests, and also perform specific auditing
procedures at or near the completion of field work.
For categories (3) and (4), the auditor has no responsibility to make inquiry or to perform any auditing
procedures during this time period to discover subsequent events. However, if knowledge of such an
event comes to the auditor's attention, he or she should determine whether the event requires
adjustment of or disclosure in the financial statements.
For category (5), the auditor has no responsibility for their discovery. However, if the auditor becomes
aware of such facts and the facts may have affected the report that was issued, the auditor is required to
ascertain the reliability of the information.
c.
1.
2.
3.
4.
5.
6.
7.
8.
d.
If the client fails to make required disclosure, the auditor should notify each member of the board of
directors of such refusal and take the following steps to prevent further reliance on the audit report
and:
20-22.
Notify the client that the audit report must no longer be associated with the
financial statements.
Notify regulatory agencies having jurisdiction over the client that the report should
no longer be relied on.
Notify (generally via the regulatory agency) each individual known to be relying
on the statements that the report should no longer be relied on.
a.
The purpose of a WebTrust engagement is to provide customers assurance about three aspects of
electronic commerce. WebTrust addresses an entitys business and information privacy practices;
issues of transaction integrity; and issues of information protection. If a customer is satisfied that you
have significant assurances in place to protect and maintain privacy regarding information disclosed in
a transaction, it is likely that a consumer will transact business through that website. This is one way
of ensuring that concerns over information integrity do not discourage customers from purchasing golf
equipment through your website. Assurance about business practices through a WebTrust engagement
might allow you to extend the size and scope of your marketplace through your internet presence and
focus on the other factors that have make your business a competitive force in the marketplace.
b.
The client makes three major assertions in a WebTrust engagement about its electronic commerce
practices. The principles involved in a WebTrust engagement address the following:
An entitys business and information privacy practices; that is the entity discloses
its business and information privacy practices for e-commerce transactions and
executes transactions in accordance with its disclosed practices.
A business may make representations about these three criteria without asking for an assurance report
from a CPA. However, the public may not attach the same degree of credibility as they would if the
assertion was the subject of an attest engagement. The business needs to make a judgment about the
importance of having the assertion attested to by a CPA.
d.
20-23.
a.
The primary clients that would be interested in a SysTrust engagement are entities that prepare,
process, or maintain information that is used by others for decision-making. For example, a supplier
in a strategic alliance may make production decisions based on information obtained from customer
about its sales and inventory levels. The supplier may want assurance about the reliability of
information obtained from the customer because of its strategic importance to decisions made by the
supplier. Hence, the customer might engage the CPA to attest to the reliability of the system. If
the end customer must coordinate product obtained from several suppliers, the need for SysTrust
engagement may increase to ensure coordination of strategic decisions by all parties.
b.
The SysTrust principles and criteria address four major concerns about system reliability: (1) System
availability, (2) system security, (3) system integrity, and (4) system maintainability. A SysTrust
engagement provides reasonable assurance that these four principles and related criteria were achieved
during a specific time period. Users should understand the inherent limitations associated with the fact
that:
Because of inherent limitations of controls, errors or fraud may occur and not be
detected. Even a strong system of internal control might not find every fraud,
particularly fraud that involves collusion.
Users should not project any conclusions, based on our findings, to future periods.
There is a risk that changes made to the system or controls, changes in processing
requirements, or failure to make changes required because of the passage of time,
may alter the validity of conclusions on past performance.
c.
A CPA that sells time on its accounting system to small business clients where they can log onto the
system and maintain their own general ledger, could engage another independent CPA to issues a
SysTrust report on the accounting system associated with the systems availability, security, integrity
and maintainability. The CPA could not issue an attestation report on its own system as it would not be
independent. Further, there may be a risk that users may misunderstand the SysTrust report and expect
that the CPAs system will ensure that financial statements that result from the system are prepared in
accordance with GAAP. No such assurance could be provided as the CPA would not know the basis
transactions recorded using the system.