Shared Flashcard Set

Details

SU 9
Internal Control Communications and Reports
119
Accounting
Undergraduate 4
06/01/2015

Additional Accounting Flashcards

 


 

Cards

Term
auditor's responsibility for communicating deficiencies
Definition
the auditor has a responsibility to communicate IN WRITING significant deficiencies and material weaknesses to management and those charged with governance.
Term
other issues (besides deficiencies) relating to the conduct of an audit
Definition
also should be communicated to management and those charged with governance, whether relating to IC or the audit in general.
Term
SOX requirement for issuers w/regards to internal control over financial reporting (ICFR) effectiveness
Definition
Public companies (issuers) are required by SOX to provide a management assessment of the effectiveness of ICFR in annual reports (PCAOB Standard No. 5).
Term
Auditor IC opinion
Definition
The auditor must express or disclaim an opinion on IC, not on management's assessment.
Term
Are nonissuers required to report on effectiveness of ICFR. If so, what kind of report is used.
Definition
For nonissuers, CPA may be engaged to provide a report on the effectiveness of an entity's ICFR; services and reports issued are governed by AICPA's AT 501.
CPA may be either user or preparer of a report prepared in accordance with AU 324, and AT 801. Such a report may affect the user CPA's assessment of a client's RMM.
Term
Is an F/S auditor is required to perform procedures specifically to identify deficiencies in IC or express opinion on IC?
Definition
No.
Term
deficiency
Definition
exists when design or operation of a control does not allow management or employees, in the normal course of their assigned functions, to prevent misstatements or detect and correct them on a timely basis.
Term
significant deficiency
Definition
deficiency, or combination of deficiencies, in IC that is less severe than a material weakness, but merits attention by those charged w/governance
Term
material weakness
Definition
deficiency, or combination of deficiencies, in IC that results in a reasonable possibility (reasonable possible or probable) that a material misstatement of the F/S will not be prevented or timely detected and corrected
Term
severity of deficiency
Definition
depends on the magnitude of the potential misstatement and whether a reasonable possibility exists that the controls will fail.
Severity does not depend on actual occurrence of a misstatement.
Term
magnitude of deficiency
Definition
depends on, among other things, the F/S transactions or amounts involved and the activity in the relevant balance or transaction class.
Term
maximum overstatement
Definition
ordinarily is the recorded amount, but the understatement may be greater.
The auditor need not quantify the probability of misstatement.
A small misstatement is usu. more likely than a large misstatement.
Term
risk factors that indicate whether a reasonable possibility exists that deficiencies will result in a misstatement
Definition
Accounts, transaction classes, disclosures, and assertions involved
Susceptibility of the related asset or liability to loss or fraud
Degree of judgment required to determine the amount involved
Relationship of the control with other controls
Interaction among deficiencies
Possible consequences of the deficiency
Term
Can effective compensating controls eliminate a deficiency?
Definition
No, but they can limit the severity of a deficiency and prevent it from being reportable. The auditor must also test these compensating controls that are in effect for operating effectiveness.
Term
Is an F/S auditor is required to perform procedures specifically to identify deficiencies in IC or express opinion on IC?
Definition
No.
Term
deficiency
Definition
exists when design or operation of a control does not allow management or employees, in the normal course of their assigned functions, to prevent misstatements or detect and correct them on a timely basis.
Term
significant deficiency
Definition
deficiency, or combination of deficiencies, in IC that is less severe than a material weakness, but merits attention by those charged w/governance
Term
material weakness
Definition
deficiency, or combination of deficiencies, in IC that results in a reasonable possibility (reasonable possible or probable) that a material misstatement of the F/S will not be prevented or timely detected and corrected
Term
severity of deficiency
Definition
depends on the magnitude of the potential misstatement and whether a reasonable possibility exists that the controls will fail.
Severity does not depend on actual occurrence of a misstatement.
Term
magnitude of deficiency
Definition
depends on, among other things, the F/S transactions or amounts involved and the activity in the relevant balance or transaction class.
Term
maximum overstatement
Definition
ordinarily is the recorded amount, but the understatement may be greater.
The auditor need not quantify the probability of misstatement.
A small misstatement is usu. more likely than a large misstatement.
Term
risk factors that indicate whether a reasonable possibility exists that deficiencies will result in a misstatement
Definition
Accounts, transaction classes, disclosures, and assertions involved
Susceptibility of the related asset or liability to loss or fraud
Degree of judgment required to determine the amount involved
Relationship of the control with other controls
Interaction among deficiencies
Possible consequences of the deficiency
Term
Can effective compensating controls eliminate a deficiency?
Definition
No, but they can limit the severity of a deficiency and prevent it from being reportable. The auditor must also test these compensating controls that are in effect for operating effectiveness.
Term
indicators of a material weakness
Definition
Identification of any fraud by senior management
Restatement of F/S to correct a material misstatement due to fraud or error
Identification by the auditor of a material misstatement that would not have been detected by IC
Ineffective oversight of financial reporting and IC by those charged w/governance
Term
auditors and prudent officials
Definition
The auditor considers whether prudent officials, having the same knowledge, would agree with the auditor that deficiencies are not a material weakness.
Term
examples of possible deficiencies, significant deficiencies, and material weaknesses related to design
Definition
Inadequate design of ICFR
Inadequate design of controls over a significant account or process
Inadequate documentation of the IC components
Insufficient control consciousness
Absent or inadequate separation of duties
Absent or inadequate controls over the safeguarding of assets
Inadequate design of IT general (overall impression of controls) and application (application software) controls
Employees or management who lack the proper qualifications and training
Inadequate design of monitoring controls
The absence of an internal process to timely report deficiencies
Term
examples of possible deficiencies, significant deficiencies, and material weaknesses related to operations
Definition
Failures in the operation of effectively designed controls over a significant account or process
Failure of the information and communication component of IC to provide timely, complete, and accurate information
Failure of controls designed to safeguard assets
Failure to perform reconciliations of significant accounts
Undue bias or lack of objectivity by those responsible for accounting decisions
Misrepresentation by client personnel to the auditor
Management override of controls
Failure of an application control caused by deficient design or operation of an IT general (overall) control
An excessive observed deviation rate in a test of controls
Term
communication
Definition
Auditor should communicate in writing significant deficiencies and material weaknesses to management and those charged w/governance, even if they have been corrected.
Communication is best made at audit report release date, but no later than 60 days after.
Communication of significant and urgent matters need not be written.
Management or those charged w/governance may consciously decide to accept the risk of significant deficiencies or material weaknesses.
The auditor may communicate nonsignificant deficiencies and/or other matters to the entity either orally or in writing.
Term
Should the auditor ever issue written communication that no significant deficiencies or material weaknesses were found?
Definition
Usually no. Not unless the client requests that the auditor communicate to a govt. authority.
Term
responsibility of governance
Definition
Those charged with governance are responsible for oversight of the entity's strategic direction and accountability, including the financial reporting process. The BOD and audit committee are typical governance bodies.
Term
2-way communication
Definition
is expected and should provide governance w/information about matters relevant to their responsibilities, including an overview of the audit process and of the auditor's responsibilities.
It also should allow the auditor to obtain information relevant to the audit.
Term
Should auditor communication be oral or in writing?
Definition
It can be either, but it must be documented.
A written communication should indicate that it is for the sole use of governance.
Term
When should auditors communicate to governance (likely in writing)?
Definition
Communication should take place on a timely basis to enable governance to meet their responsibilities for oversight of financial reporting.
Term
Should management communicate some matters to governance?
Definition
It may be appropriate for management to communicate certain matters to governance, and auditors should be satisfied these communications have occurred. Certain discussions may be inappropriate.
Term
What matters should be communicated between auditors and governance?
Definition
auditor's responsibilities under GAAS, an overview of the audit, and significant findings.
Term
auditor's responsibilities under GAAS
Definition
Auditor may provide copy of engagement letter to those charged w/governance, indicating that, among other things,
Auditor responsible for opinion about fairness of F/S presentation
Auditor does not relieve management or those charged w/governance of financial reporting responsibility
Term
planned scope and timing of audit (issues addressed in communication)
Definition
How the auditor proposes to address RMM due to error or fraud
Issues related to IC and IA function; and
The concept of materiality in planning and executing the audit.
Term
Should the auditor discuss details of audit procedures to be used?
Definition
Never.
Term
W/regards to significant accounting practices, the auditor should inform governance about...
Definition
How the auditor proposes to address RMM due to error or fraud
Issues related to IC and IA function; and
The concept of materiality in planning and executing the audit.
Term
nonroutine transaction
Definition
significant and unusual transaction
Term
communication of misstatements
Definition
All known and likely misstatements, other than those judged trivial, must be communicated to management. All uncorrected misstatements should be communicated to those charged w/governance, along with their potential effect if uncorrected.
Term
communication of disagreements
Definition
The auditor and those charged w/governance should discuss any disagreements about matters significant to the statements or the audit report.
Term
communication of matters concerning the entity
Definition
The auditor and those charged w/governance should discuss business conditions affecting the entity, plans and strategies affecting the RMMs, the initial or recurring retention of the auditors, and the application of accounting principles.
Term
communication of independence issues
Definition
Discussions may be appropriate about circumstances or relationships that, in the auditor's professional judgment,
May reasonably bear on independence and
Were given significant consideration by the auditor in reaching the conclusion that independence has not been impaired.
Term
communication of going concern issues
Definition
Events or conditions may, when examined in the aggregate, indicate substantial doubt about the entity's ability to continue as a going concern for a reasonable period of time.
If, after considering management's plans in response to the events or conditions identified, the auditor concludes that the substantial doubt remains, the auditor should communicate the following to those charged with governance:
The possible effect on the F/S and the adequacy of related disclosures contained in them.
The effects on the auditor's report.
Term
Under SOX, auditors are required to report all of the following to governance...
Definition
All critical accounting policies and practices to be used
All material alternative treatments of financial information w/in GAAP discussed w/management
Ramifications of the use of alternative treatments and disclosures
Treatment preferred by auditor
Term
What standard provides guidance on the required process for issuers? For nonissuers?
Definition
Issuers: PCAOB's AS No. 5
Nonissuers: AT 501; consistent with AS 5.
Term
differences between issuers and nonissuers
Definition
Basic differences are that nonissuers are not required to have an integrated audit and required reports refer to AICPA, not PCAOB standards.
Term
accelerated filers and requirements
Definition
Issuers w/market equity of $75+ million (accelerated filers) must include in their annual report management's assessment of the design and effectiveness of ICFR.
Term
auditor responsibility w/respect to IC
Definition
Auditor to express opinion on ICFR (not management's assessment of it, except this is allowed under AT 501) based on control criteria. But IC is ineffective if a material weakness exists (adverse opinion).
Auditor must provide reasonable assurance that material weakness does not exist.
If material weakness is not present in management's assessment, then the report is modified to reflect that.
Term
general standards (10 GAAS)
Definition
require technical training and proficiency as an auditor, independence, and the exercise of due professional care, including professional skepticism.
Term
AS No. 5
Definition
establishes field work and reporting standards for IC audit.
Term
integrated audit
Definition
ICFR + F/S. Audit should accomplish objectives of both.
Auditor should design tests of controls to obtain sufficient appropriate audit evidence to support his/her opinion on ICFR at a moment in time and taken as a whole.
Audit of IC tests controls not tested in F/S audit.
Term
planning the audit
Definition
Evaluate how the following affect audit procedures:
IC knowledge obtained from other engagements
Client industry issues
Matters related to the business
Recent changes in operations or IC
Preliminary judgments about materiality, risk, and other factors relating to the determination of material weaknesses
Control deficiencies previously communicated to audit committee or management
Legal matters
Type and extent of available evidence related to IC effectiveness
Preliminary IC judgments
Public information relevant to the likelihood of material misstatements and the effectiveness of IC
Relative complexity of operations
Knowledge about risks obtained from the client acceptance and retention evaluation
Term
relationship between the degree of risk of material weakness and amount of audit attention devoted to an area
Definition
direct relationship
Term
What affects the way in which the company achieves its control objectives?
Definition
The size and complexity of the company, its business processes, and business units.
Term
scaling
Definition
extension of the risk-based approach
Term
addressing the risk of fraud
Definition
The auditor should consider the results of the fraud risk assessment and evaluate whether controls sufficiently address the identified risks of material fraud and controls over the risk of management override.
Term
controls that address the risk of fraud
Definition
Controls over significant, unusual transactions, particularly those that result in late or unusual journal entries.
Controls over journal entries and adjustments made in the period-end financial reporting process.
Controls over RPTs
Controls related to significant management estimates
Controls that mitigate incentives for, and pressure on, management to falsify or inappropriate manage financial results.
Term
using the work of others
Definition
IAs, company personnel, and 3rd parties working under the direction of management or the audit committee that provides evidence about IC effectiveness
The auditor should assess the competence and objectivity of the persons whose work they plan to use. Higher degree of competence and objectivity is better.
Term
materiality considerations of IC and F/S audit (are they the same between the two)
Definition
Yes.
Term
top-down approach
Definition
Auditor begins at F/S level by understanding overall risks, then focuses on entity-level controls and works down to significant accounts and disclosures and their relevant assertions
Term
entity-level controls (considered in top-down approach)
Definition
Related to control environment
Over management override
Monitor results of operations
Over period-end financial reporting process
To monitor other controls
Constituting entity's risk assessment process
Term
evaluating control env.
Definition
Assess whether
Management's philosophy and operating style promote effective IC.
Sound integrity and ethical values, particularly of management, are developed and understood.
The BOD or audit committee understands and exercises oversight responsibility over F/R and IC.
Term
evaluating period-end F/R process
Definition
Evaluate procedures:
Used to enter transaction totals into the G/L
Related to selection and application of accounting policies
Used to initiate, authorize, record, and process journal entries
Used to record recurring and nonrecurring adjustments to the annual and quarterly F/S
For preparing annual and quarterly F/S and related disclosures
Term
Auditors may use non-AS-5 assertions if they have tested controls over pertinent risks, including...
Definition
Size and composition of the account
Susceptibility to misstatement due to errors or fraud
Volume of activity, complexity, and homogeneity of the transactions
Nature of the account or disclosure
Accounting and reporting complexities
Exposure to losses in the account
Possibility of significant contingent liabilities arising from the activities reflected in the account or disclosure
Existence of RPTs
Changes from the prior period or disclosure characteristics
Term
walkthrough
Definition
following transactions through the process
Term
objectives most effectively achieved via walkthroughs
Definition
Understanding the flow of transactions related to relevant assertions
Identifying the points within the company's processes at which a material misstatement could arise
Identifying the controls that management has implemented to address these potential misstatements
Identifying the controls that management has implemented over the prevention or timely detection of unauthorized acquisition, use, or disposition of assets.
Term
testing design effectiveness
Definition
The auditor should determine whether controls, if they are operated as prescribed by persons w/the necessary authority and competence to perform them effectively, satisfy the control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements in F/S.
Term
procedures for testing design effectiveness
Definition
inquiry of appropriate personnel, observation of operations, and inspection of relevant documentation.
Term
testing operating effectiveness
Definition
Determine if control is operating as designed and the person performing the control processes the necessary authority and competence to perform the control effectively.
Term
procedures for testing operating effectiveness
Definition
inquiry of appropriate personnel, observation of the company's operations, inspection of relevant documentation, and reperformance of the control.
Term
relationship of risk to the evidence to be obtained
Definition
More risk = more testing and more competent evidence required.
A conclusion that a control is not operating effectively can be supported by less evidence.
Term
nature
Definition
tests from best to worst: reperformance, inspection, observation, and inquiry.
Term
timing
Definition
greater period of time tested and testing closer to the date of management's assessment both provide more evidence.
Term
extent
Definition
more extensive testing provides more evidence
Term
roll-forward procedures
Definition
to roll forward the results of interim work, the auditor should:
1. consider the specific controls, their associated risks, and the test results;
2. the sufficiency of evidence obtained at the interim date;
3. the length of the remaining period; and 4. the possibility of changes.
Term
evaluating identified deficiencies
Definition
Auditor should evaluate the severity of each deficiency in IC to determine whether the deficiencies, individually or in combination, are material weaknesses as of the date of management's assessment.
Term
What deficiencies are auditors required to search for?
Definition
Deficiencies that can constitute a material weakness. Auditors are not required to search for deficiencies that are less severe than a material weakness.
Term
Severity of deficiency depends on...
Definition
whether there is a reasonable possibility that controls will fail to prevent or detect a misstatement.
Term
indicators of material weaknesses
Definition
Identification of material and immaterial fraud
Restatement of F/S to correct material misstatement
Circumstances indicating that the misstatement would not have been detected by IC
Ineffective oversight over F/R and IC by audit committee
Term
auditor opinion on IC effectiveness
Definition
Auditor should opine on IC effectiveness on evidence gained from testing controls, misstatements detected, and identified control deficiencies.
Term
Auditor should obtain written representations from management for the following...
Definition
Acknowledging management's responsibilities for establishing and maintaining effective IC
Stating that management has performed an evaluation and made an assessment of IC effectiveness and control criteria (COSO)
Stating that management's and auditor's assessments are independent of each other.
Management's conclusion of IC effectiveness based on control criteria at specified date
Management has disclosed to the auditor all deficiencies in IC identified in its evaluation.
Describing any material fraud and any other fraud involving senior management or management or other employees who have a significant role in IC.
Control deficiencies identified and communicated to the audit committee during previous engagements have been resolved.
Stating whether there were, subsequent to the date being reported on, any changes in IC or factors that may significantly affect it.
Term
communication of deficiencies & when it should be made
Definition
Auditor should communicate in writing significant deficiencies and material weaknesses to management and those charged w/governance, even if they have been corrected.
Communication should be made prior to the issuance of the auditor's report.
Term
reporting on IC
Definition
May be a separate report or combined with opinion on IC.
Term
When should the audit report be dated?
Definition
Audit report should be dated no earlier than when sufficient appropriate audit evidence is obtained. Dates on F/S and IC reports are the same.
Term
components of IC/Audit report
Definition
Introductory, Scope, Definition, Inherent limitations, and Opinion paragraphs.
Term
modifications to standard IC report
Definition
Material weakness requires adverse opinion (on IC report, not F/S report).
Elements of management's annual report on IC are incomplete or improperly presented.
Scope of engagement is restricted.
Auditor refers to to the report of other auditors in their work.
Other information is contained in management's annual report on IC.
Management's annual certification under Section 302 of SOX is misstated.
Term
PCAOB AS No. 4
Definition
addresses management requests to the auditor to provide a new opinion on whether a material weakness causing adverse opinion has been remediated.
Term
Under PCAOB AS 4, is the auditor allowed to reaudit a deficient control? Do similar standards supply?
Definition
Auditor is allowed to reaudit control based on management's assertion that the deficiency has been corrected and to provide opinion relative to the control.
Similar standards apply to the new engagement as for the initial reporting engagement on IC.
Term
authoritative guidance for service organizations
Definition
AU 324 and AT 801; These standards apply to a F/S audit of an entity that uses another organization's services as part of its own information system.
Term
AU 324
Definition
provides guidance for the user auditor's use of the reports.
Term
AT 801
Definition
addresses the service auditor's preparation of the reports.
Term
a service organization's services are part of the client's information system if they have an effect on...
Definition
initiation of transactions
accounting records, supporting information, and specific accounts
Processing from initiation to inclusion of transactions in the statements
The process used to prepare statements, including estimates and disclosures
Term
The service organization standards concern...
Definition
Factors to be considered by an auditor whose client uses a service organization to process certain transactions.
Guidance to auditors who issue reports on the processing of transactions by a service organization for use by other auditors.
Term
user organization (user)
Definition
entity that is a user of a service organization (entity that uses another organization's services as part of its own information system) and whose F/S are being audited.
Term
user auditor
Definition
auditor of a user
Term
service organization
Definition
entity that provides services to user organizations
Term
service auditor
Definition
auditor who reports on the processing of transactions by a service organization
Term
report on controls implemented
Definition
service auditor's report on whether controls were properly designed and implemented

service auditor's report on a service organization's description of IC, whether they were suitably designed to achieve specified control objectives, and whether they had been implemented.
Term
report on controls implemented and tests of operating effectiveness
Definition
service auditor's report on whether controls were properly designed, implemented and operating effectively

report on controls implemented + whether the controls tested were operating w/sufficient effectiveness to provide reasonable assurance that the related objectives were achieved.
Term
significance of the service organization's controls depends on...
Definition
primarily the transactions it processes for the user and the degree of interaction between its activities and those of the user.
Term
high and low degree of interaction
Definition
When user initiates and service organization executes, degree of interaction is high and user can implement effective controls.

When the opposite occurs, low interaction and ineffective controls.
Term
user auditor responsibility
Definition
User auditor assesses control risk, among other assertions, those affected by service organization activities.
Term
importance of user auditor's assessment of control risk
Definition
User auditor assesses control risk, among other assertions, those affected by service organization activities.
Term
How does the user auditor obtain evidence of the operating effectiveness of controls?
Definition
By doing at least one of the following:
Performing tests of controls at the service organization or implemented by the user.
Obtaining a service auditor's report on controls implemented and tests of controls implemented and tests of operating effectiveness or a report on agreed-upon procedures describing tests of controls.
Term
service auditor's report
Definition
A service auditor's report on the effectiveness of controls may be intended for 2+ user auditors.

User auditor should determine whether the tests and results described are relevant to significant assertions in the user's statements and provide appropriate evidence to support assessment of control risk.
Term
Can results of substantive procedures of service auditors be used by user auditors?
Definition
Yes, results of substantive procedures performed by service auditors may be used by the user auditor as part of the evidence to support opinion on F/S.
Term
User auditors and service auditors
Definition
User auditor should make inquiries concerning service auditor's professional reputation.
User may request agreed-upon procedures.
User should not use service auditor report as a basis for his/her own opinion.
Term
service auditor responsibility
Definition
Engagement differs from F/S audit, but service auditor should follow applicable GAAS.
Service auditor should be independent of service organization but not of each user.
If service auditor becomes aware of errors, fraud, or illegal acts that may affect the user, s/he should inform governance of service organization if they do not know already. If not satisfied with response, the service auditor may consider resigning.
Term
reports on controls implemented (from service auditors) include the following...
Definition
Reference to aspects of service organization covered
Description of service auditor's procedures
Identification of the party stating the control objectives
Statement of purposes of the engagement
Disclaimer of opinion on operating effectiveness
Are relevant aspects of controls fairly presented? Were they suitably designed to provide reasonable assurance that the control objectives would be achieved if complied w/satisfactorily?
Statement of inherent limitations
Identification of the parties for whom the report is intended
References to a description of tests, controls tested, tests applied, and test results. Indicate the nature, timing, and extent tests, as well as test's affects on control risk.
Time period covered by audit.
Service auditor opinion on effectiveness of controls.
Statement that no opinion on control objectives is listed.
Statement that effectiveness and significance of the service organization's controls are dependent on their interaction w/factors present at individual user organizations.
Statement that service auditor has performed no procedures to evaluate the effectiveness of controls at individual user organizations.
Term
Service auditors should written representations from the service org.'s management about...
Definition
Acknowledging management's responsibilities for establishing and maintaining effective IC
Stating that management has performed an evaluation and made an assessment of IC effectiveness and control criteria (COSO)
Stating that management's and auditor's assessments are independent of each other.
Management's conclusion of IC effectiveness based on control criteria at specified date
Management has disclosed to the auditor all deficiencies in IC identified in its evaluation.
Describing any material fraud and any other fraud involving senior management or management or other employees who have a significant role in IC.
Control deficiencies identified and communicated to the audit committee during previous engagements have been resolved.
Stating whether there were, subsequent to the date being reported on, any changes in IC or factors that may significantly affect it.
Term
service org. must prepare a description of its system, including...
Definition
The nature of service to users.
How the service is provided.
Controls over the service.
Control objectives.
Term
type 1 report
Definition
opines on the fair presentation of the description and whether the controls are suitably designed
Term
suitably designed
Definition
controls can attain the control objectives if they operate effectively
Term
type 2 report
Definition
expresses type 1 opinions plus an opinion on whether or not controls were operating effectively
Term
operating effectively
Definition
meeting the control objectives
Term
written assertion
Definition
Management must give the service auditor a written assertion about the fair presentation of the system description and the suitability of the design of controls and their operating effectiveness.
Term
system description
Definition
The system description and the opinion on it address the period covered by the tests of operating effectiveness.
Supporting users have an ad free experience!