What are the six principles of the AICPA Code of Professional Conduct?
The six principles (articles) of the Code of Conduct are:
- Responsibilties
- Public interest
- Integrity
- Objectivity and Independence
- Due care
- Scope and nature of services
Under the AICPA Code of Professional Conduct, Rule 101, independence is impaired:
- If a member has a direct financial interest with attestation clients without regard to materiality;
- If a member has a material indirect financial interest in the client;
- If a member or a member’s immediate family member has a loan to or from the client;
- If a member accepts more than a token gift;
- If a member is an employee of or makes management decisions on behalf of the client;
- If the client is overdue more than one year in the payment of professional fees to the member; and
- If there is actual or threatened litigation between the member and the client
According to the AICPA Code of Professional Conduct, Rule 203, a departure from GAAP may be justified under what circumstances?
A departure from GAAP may be justified only if compliance with GAAP would cause the F/S to be misleading.
Under Rule 301, in what circumstances must a CPA disclose confidential client information without the consent of the client?
A CPA must disclose confidential information without client consent under the following circumstances:
- It is necessary to comply with a valid subpoena or summons
- As part of a quality review of the CPA’s profesional practices authorized by the AICPA
- In response to any inquiry made by the ethics division or the trial board of the AICPA, or by a duty-constituted investigative body of a state CPA society
When are contingent fees prohibited under Rule 302?
Contingent fees are prohibited for:
- Audit of F/S
- Reviews of F/S
- Examinations of prospective financial information
What is an “issuer” and what group establishes standards for audit reports of issuers?
An issuer is an entity subject to the rules of the SEC (this would include primarily public companies)
The Public Company Accounting Oversight Board (PCAOB) establishes standards for audit reports of issuers.
Titel I of the Sarbanes-Oxley Act of 2002 (SOX) requires that registered firms must adhere to what auditing standards?
- Audit workpapers must be maintained for seve years
- A concurring or second partner review is required for each audit report
- The audit report must describe the scope of the testing of the issuer’s internal controls
Under SOX Title II, what services must be preapproved by the audit committee and what services may not be provided to an audit client?
All auditing services and permitted non-audit services (including tax services) must be preapproved by the audit committee
Prohibted services include:
- Bookkeeping
- Financial information systems desgin and implementation
- Appraisal and valuation services
- Actuarial services
- Management functions and HR functions
- Internal audit outsourcing services
- Investment-related services
- Legal services
- Expert services unrelated to the audit
(Note: SEC regulation S-X contains these same rules)
What are the audit partner rotation rules under SOX Title II and SEC Regulation S-X?
- Both SOX and Regulation S-X required the lead and concurring partner to rotate off the audit every 5 years
- Regulation S-X further requires other partners to rotate off every 7 years. Lead and concurring partners are subject to a 5 year “time out” and other partners are subject to a 2 year “time out”
What must be reported by the auditor to the audit committee under SOX Title II and SEC Regulation S-X?
- Critical accounting policies and procedures used
- Alternative accounting treatments discussed with management, the ramifications of alternatives, and the treatment preferred by the auditor
- Material written communications between the auditor and management
What is the required cooling-off period under SOX Title II and SEC Regulation S-X?
The audit firm cannont have employed an issuer’s CEO, CFO, controller, CAO, or other employee in a financial reporting oversight role during the one year preceding the audit.
What is the required content of management’s internal control report under SOX Title IV?
- Management’s responsibility for establishing an adquate internal control structure for financial reporting
- An assessment of the effectiveness of the current year’s control structure
What are the PCAOB’s tax-related independence rules?
- Registered firms may not provide confidential or aggresive tax transactions to audit clients
- Registered firms may not provide tax services to corporate officers of audit clients or their immediate family members
- Audit committee must preapprove tax services and related fees
Under the SEC’s principles of independence, a client relationship or a service provided to an audit client would create independence issues if it:
- Creates a mutual or conflicting interest between the auditor and client
- Results in the auditor acting as management or an employee of the audit client
- Places the auditor in a position of auditing his or her own work
- Makes the auditor an advocate for the audit client
Explain the conceptual framework approach under IFAC’s Code of Ethics and idenfity threats to compliance with its fundamental principles
IFAC’s Code is based on a conceptual framework (versus a set of rules) that requires entities to identify, evaluate, and address threats to compliance with its fundamental principles. These threats include:
- Self-interest threat
- Self-review threat
- Advocacy threat
- Familiarity threat
- Intimidation threat
How long must audit documentation be retained for issuers and nonissuers?
PCAOB rules require that auditors retain audit documentation of public companies (issuers) for seven years from the report release date
SAS rules require that auditors keep audit documentation for nonissuers for a least 5 years from the report release date.
The report release date is the date on which the auditor gives the client permission to use the report (often the date the report is delivered to client)
What are the advantages and disadvantages of auditing with a computer?
Advantages:
- Less math errors due to automatic performance of math on all documents
- Automatic cross-referencing of amounts by linking each lead schedule to the working trial balance and F/S
- Automatic preparation of F/S, tax return schedules, and consolidation schedules
- Reduction in required supervisory review time
- Automatic performance of certain analytical review procedures
- Enhanced client service
- Improved morale and productivity of audit team
Disadvantages:
- Audit documentation may not contain readily-observable details of calculations
Describe the “auditing around the computer” and identify when it is appropriate and not appropriate
When auditing around the computer, the auditor does not directly test the application program, but instead tests the input data, processes the data independently, and then compares the independent results to the program results.
This method is appropriate for simple batch systems that have a good audit trail. Auditing around the computer is not appropriate when there is insufficient paper-based evidence.
List and briefly define the types of computer assistend audit techniques (CAATs) that may be used
- Transaction tagging - electronically marks specific transactions
- Embedded audit modules - sections of program code collect data for the auditor
- Test data - use of the client’s system to process the auditor’s data, off-line
- Integrated test facility - use of the client’s system to process the auditor’s data, online
- Paralle simulation - use of the auditor’s system to re-process client data
In conducting an audit of an organization receiving federal financial assistance, what additional audit procedures must be performed in addition to the general requirements of GAAS and GAGAS?
Those procedures performed under GAAS and GAGAS plus:
- The auditor should obtain and document an understanding of internal control established to ensure compliance with the laws and regulations appicable to the fedreal financial assistance
- In some instances, tests of controls are mandated to evaluate the effectiveness of such controls
Audits of govenmental entities may draw on up to 3 sets of standards or supplementary requirements. What are they and what are the circumstances that surround their application?
Generally Accepted Auditing Standards (all audits)
Generally Accepted Government Auditing Standards (Yellow Book audits): auditee is a government, or receives financial assistance from the government
OMB Circular A-133 (Single Audits of Federal Financial Assistance): an entity expending more than $500,000 in federal financial assistance annually
Identify the additional auditor responsibilities associated with government audits under GAGAS
- Obtaining an understanding of how laws, rules, and regulations relate to F/S amounts
- Assessing the degree to which management has identified laws, rules and regulations that have a material impact on F/S amounts
- Obtaining reasonable assurance that F/S are free from material misstatements resulting from violations of laws, rules, and regulations associated with the determination of F/S amounts
- Communication to management, as appropriate, that GAAS procedures alone will not fulfill additional audit requirements related to an audit of a government or of governmental assistance.
Identify the 3 types of governmental audits/engagements normally undertaken by CPAs
Financial Audits
- Engagements primarily designed to determine the fair presentation of F/S in conformity with GAAP or an OCBOA. Financial audits also include audits of specified elements of the F/S, etc.
Attestation Engagements
- Examinations, reviews, and agreed upon procedures, etc.
Performance Audits
- Effectiveness, economy and efficiency audits, internal controls and compliance audits
In conducting an audit of an organization under Generally Accepted Government Auditing Standards, what audit documentation, in addition to that required by Generally Accepted Auditing Standards, must also be included?
Internal control documentation must include:
- Consideration of procedures that ensure the auditee’s compliance with laws, rules and regulations
- Written representations from management with regard to management’s identification of material laws, rules and regulations; management’s responsibility for ensuring compliance with laws, rules and regulations; and management’s knowledge of any violations that should be disclosed or recorded.
