Auditing & Attestation

I. Engagement plan, Client acceptance and agreement

A. Determine Nature and Scope

1. GAAS: board guidelines ad detailed practices and procedures – Chap 28

1) GAAS Hierarchy: a) FASB stmt & interpretations；b) FASB Technical Bulletins, AICAP A&A
Guides; c) AICPA Practice Bulletins; d) AICPA Accounting Interpretation

2) GAAS Standard (audit standard)

a) General (TIP) – training, independence, performance;

b) Field Work (SEE) – supervision & planning/ entity and its environment; evidence

c) Reporting (ACDE) – accounting = U.S GAAp; consistency; disclosure; expressing an opinion.

3) Date of report: no earlier than the last date of obtaining evidence

4) Going concern:

5) Supplementary info & Segment info

2. Std for Accounting and Review Services (SSARS) – Chap 31

1) Authorization Guidance Hierarchy: a) SSARS; b) Interpretative Publication; 3) other publication

Not precluded from issuing report on one F/S and not the others

2) Compilation:

a) Independence is not required; explicitly in the report only when lack of –

b) Reporting or non-reporting options

c) Limited to presenting, info that is rep of mgmt “scope limit”

d) Allow to omit substantially all disclosure if not misleading

3) Review:

a) Independence req

b) Inquiry or analytics (ratio analysis)

c) Disclaim of opinion

d) Not allow to omit substantially all disclosure if not misleading & scope limit
 4) Comparative F/S

a) Predecessor’s report reissued

b) Should not issue CFS when statement for one period omit substantially all of the disclosure
by GAAP

c) The same opinion is not req for all stmt

3. Std for Attestation Engagements (SSAE) – Chap 31

a) Examination; Reviews; Agree-upon procedures – no assurance

b) Type: Financial forecast/projection(prospective F/S); Pro-Forma F/S; I/C over F/R; Compliance
with contract; Mgmt D&A

4. Compliance Auditing Applicable to Govt Entity and other Recipients of Govt (Government Audit
Standard) – Chap 29

1) Type: Financial Audit; Attestation; Performance Audit

2) Req. a written report on the consideration of I/C on all audits

3) “Single Audit Act”

 Threshold: non-federal entity, >=$500K within a fiscal year

 Compliance reporting: allowability of expenditures & eligibility

5. Other Assurance Services (Chap.29)

1) Audit of Internal Control (I/C on financial reporting):

*** Auditor’s opinion relation to effectiveness of company’s ICOFR as of “ a point of time” and “ taken
as a whole”

a) Mgt responsibility: effectiveness of company’s ICOFR; evaluation/ evaluation with sufficient

evidence; written assessment of ICOFR

b) Auditor responsibility: express opinion on mgmt’s assessment of effectiveness of ICOFR

c) Test & evaluate design effectiveness: design eff to prevent/detect error or fraud

d) Test &evaluate operation effectiveness: operating as designed, authority& qualification to

perform control effectively

1. Appropriateness of engagement to meet clients needs

B. Assess engagement risk and CPA’s firm’s ability to perform the engagement (Chap 21)

1. Engagement responsibilities

a) Auditor: F/S misstmt GAAS); discover errors/ fraud/illegal/IC deficiency come to attention
 b) I/C or A/C: internal Control

c) Mgmt: prevent & detect fraud/illegal; establish& maintain I/C, legal issues, adjust Misstmt

2. Staffing and Supervision Req

3. Quality Control Stardards

*** related to CPA firm’s practice as a whole while GAAS related to individual audit engagement

a) Objective: meeting responsibility to provide profe services conform with prof std

b) Responsibility: all firm personnel should comply; design & maintain – personnel needed

c) Elements(IM APE): independence, integrity & objectivity; Monitoring; Acceptance &

Continuance of clients; Personnel Mgmt; Engagement Perf

d) Personnel Mgmt(HEAD): Hiring; Assignment of Personnel to Engagements, Advancement ,

Prof Development

4. Mgmt Integrity  impact on mgt rep

5. Research Info sources for planning and performing the engagement

C. Communicate with Predecessor A/C or Auditor

D. Decide whether to accept/continue (Chap 22)

E. Engagement Ltr (Chap 22)

 Objective of audit, mgt & auditor’s responsibilities

F. Obtain an understanding of the client’s operation, business and industry (Chap 22)

 I/C to identify type of material factors that affect RMM design T.O.C

G. Perform analytical procedures

a) Purpose: planning (req.); substantive testing (not req.); overall review (req)

b) Plausibility, predictability, and precision

c) Benford’s law
H. Preliminary Engagement Materiality (Chap 22)

a) Misstmt: misapplies GAAP; Omits necessary info; Departs from facts

b) F/S level (pervasive risks) + A/C, transaction, disclosure level (NET)

I. Assess IR & RMM from errors, fraud, and illegal acts (Chap 22)

a) AR = RMM * DR = (IR*CR) * (AP * TD)

J. Other planning matters (Chap.24)

1. Use the work of other independent auditors

a) report of predecessor auditor

2. Use the work of a specialist:

a) objectivity; no reef in auditor’s report unless for clarification

b) specialist’s responsibility: appropriateness & reasonableness of methods, assumptions &

application

3. Internal audit function:

a) objectivity & competence

4. Related parties and RPT

a) transactions: loans, sales

b) understand business purpose (lack of biz substance?)

c) disclosure: unsubstantiated rep  qualified/adverse

5. Electronic evidence (computer vs. manual) – Chap 27

*** with computer: input, process correct  output correct (eg, test data, parallel simulation, integrated
test facility)

a) audit trail only for short period

b) reduce computation error

c) system error is greater

d) error/fraud detected slowly

e) easier for unauthorized access and program change (seg. Duty)

6. Risk of auditing around the computer

***without computer

a) Input, output correct  process correct

K. Identify F/S assertions and formulate audit objectives

a) Transaction: occurrence, completeness, accuracy, cutoff, classification

b) A/C balance: existence, R&O, Completeness, Val & All

c) Presentation& Discl: occurrence & R&O, completeness, class & understandability, val & all

Sarbanes-Oxley Act:

a) PCAOB: oversee audit firms

b) Doc retention: 7 year;

c) Completion: 60 days following the report day

d) Partner retention: 5 year

II Consider I/C in both manual and computerized environments – Chap 23

1. Understanding of Biz processes and info flows

a) Components (CRIME): control activity; rish assessment, info &comm.; monitoring; control
environment

Responsibility:

b) Mgr: establish & maintain I/C

c) Auditor: communicate significant def and material weakness regarding mgt decision within 60
days after report issued- how control prevent, detect, correct material misstmt in relevant
assertion (not auditor’s duty to search for def )

2. Identify controls effective in preventing/detecting Misstmt

a) Objective: authorization, validity, recording, accountability & comparison; access

b) Procedures: segregation, tracking, reconciliation, perspective –trace, vouch

3. Doc an understanding of I/C

a) Flowchart, questionnaire, narrative

4. Limitation of I/C

a) Errors & fraud

5. Effects of Service Org in I/C – Chap 30

a) Service auditor: not req independence with all users

b) User auditor: should not ref to svc audtor’s report, consider Service auditor’s reputation

6. Test of Control

a) Not req!!  test only when i) expectation of operating eff; ii) reduce CR from sub testing alone

b) control without change: min ones/3 yr; not apply to controls mitigate a significant risk

7. Assess CR

III Obtain and doc info to form a basis for conclusion – Chap 24-27

A. Perform planned procedures

1. Application of audit sampling – Chap 26

a) Sampling risk vs. non-sampling risk

b) Non-statistical vs. statistical sampling

c) Attribute sampling: T.O.C --> A.Sderivate rate

d) Classic variable sampling: S.T  C.V.S$$

e) Probability-proportional-to-size sample: use attribute sampling theory for S.T

 Stratification by $$; used when no error expected

2. Analytical procedures:

 see above

3. Confirmation of bal and transaction with third parties

 4. Physical exam of inventories another assets

5. Other Test of details

6. CAAT (Date interrogation, extraction and analysis)

7. Substantive tests before B/S date

8. Test of unusual YE transactions

B. Evaluation contingencies

“Uncertainty”: likelihood when probably  req. disclosure; when remote  not req disclosure

C. Obtain and evaluate lawyer’s ltr

a) Ltr of outside lawyer can’t by a substitute for info obtained from inside counsel

b) Uncertainty on potential loss amt  explanatory P

D. Review subsequent events

a) Type I: after date of repot before release  adjust or qualified

b) Type II: after B/S date before issue  disclosure or qualified

*** “dual date”: req disclosure of event

c) Prevent future reliance on report

E. Obtain rep from mgmt - Chap 24

a) Date: no early than the report date

b) Subsidiary audit – obtain a rep from parent concern matters may aff subsidiary

F. Identify reportable conditions and other control def

G. Identify matters for communicate with A/C – Chap 22

a) Service provided; general info (accounting issues, mgmt dealing, SAD); significant def;
independence; quality of an SEC company’s accounting principles and underlying estimates
H. Perform procedures for accounting and review services engagements

I. Perform procedure for attestation engagement

IV. Engagement Review – objectives are achieved and info evaluation

A. Perform analytical procedures – Chap 24

a) See above

B. Evaluate the sufficiency and competence of audit evidence and document engagement conclusion

a) Nature of evidence: sufficiency & appropriately; corroborative; relevance & reliability

b) Obtain evidence: T.O.C & S.P

c) Evaluate evidence: risk assessment  planned audit procedure (N.E.T)opinion

C. Evaluate whether F/S are free of material misstmt – Chap 28

a) Unqualified

i. I/C is not mentioned in report

ii. Explanatory P: lack of consistency; uncertainty; going-concern; justifiable departure from

GAAP

b) Qualified: Omission of a basic F/S

c) Disclaim: independence

d) Scope limitation: Disclaim or qualified

D. Consider going concern exists – Chap 28

a) Auditor’s responsibility: evaluate info det substantial doubt about – in reasonable period (one
year)

b) Adequate disclosure  qualified/adverse opinion

c) Uncertainty  disclaim

E. Consider other info in doc containing audited F/S – Chap 28

a) Auditor’s responsibility: no beyond F/I

 b) Inconsistency: revise report & add explanatory P; withdraw

c) Misstatement: notify client in writing + legal counsel

F. Review work performed to provide reasonable assurance that objectives are achieved

V. Prepare Communication to satisfy engagement objectives

A. Reports:

1. Reports on Audited F/S

2. Reports on review and complied F/S

3. Reports req by GAS

4. Reports on compliance with laws and regulations

5. Reports on I/C

6. Reports on perspective F/S

7. Reports on the processing of transactions by service organizations

8. Reports on supplementary F/I

9. Special reports

10. Reports on other assurance services

11. Reissuance of reports

B. Other Req Communication

12. Errors & Fraud, illegal acts

13. Communication with audit committees

14. Other reporting considerations by SSAE

C. Other Matters

1. Subsequent discovery of facts existing at the date of auditor’s repot

2. Consideration after the report date of omitted procedures