2016 Wiley CPAexcel ® exam review FOCUS NOTES 2016 Wiley CPAexcel ® exam review FOCUS NOTES Auditing and Attestation Cover Design: Wiley Cover image: © turtleteeth/iStockphoto Copyright © 2016 by John Wiley & Sons, Inc All rights reserved Published by John Wiley & Sons, Inc., Hoboken, New Jersey Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-7504470, or on the Web at www.copyright.com Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, 201-748-6011, fax 201-748-6008, or online at http:// www.wiley.com/go/permission Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose No warranty may be created or extended by sales representatives or written sales materials The advice and strategies contained herein may not be suitable for your situation You should consult with a professional where appropriate Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages For general information on our other products and services, or technical support, please contact our Customer Care Department within the United States at 800-762-2974, outside the United States at 317-572-3993 or fax 317-573-4002 Wiley also publishes its books in a variety of electronic formats Some content that appears in print may not be available in electronic books For more information about Wiley products, visit our Web site at http://www.wiley.com ISBN: 978-1-119-12001-8 (paperback); 978-1-119-24089-1 (ebk); 978-1-119-24090-7 (ebk) Printed in the United States of America 10 9 8 7 6 5 4 3 2 1 Contents Preface vii About the Author ix About the Contributor ix Module 1: Module 2: Module 3: Module 4: Module 5: Module 6: Module 7: Module 8: Professional Responsibilities Engagement Planning, Obtaining an Understanding, and Assessing Risks Understanding Internal Control and Assessing Control Risk Responding to Risk Assessment: Evidence Accumulation and Evaluation Reporting Accounting and Review Services Audit Sampling Auditing with Technology Index 32 64 96 157 233 253 269 277 v Preface This publication is a comprehensive, yet simplified study program It provides a review of all the basic skills and concepts tested on the CPA exam and teaches important strategies to take the exam faster and more accurately This tool allows you to take control of the CPA exam This simplified and focused approach to studying for the CPA exam can be used: • • • As a handy and convenient reference manual To solve exam questions To reinforce material being studied Included is all of the information necessary to obtain a passing score on the CPA exam in a concise and easy-to-use format Due to the wide variety of information covered on the exam, a number of techniques are included: • • • Acronyms and mnemonics to help candidates learn and remember a variety of rules and checklists Formulas and equations that simplify complex calculations required on the exam Simplified outlines of key concepts without the details that encumber or distract from learning the essential elements vii • • • Techniques that can be applied to problem solving or essay writing, such as preparing a multiple-step income statement, determining who will prevail in a legal conflict, or developing an audit program Pro forma statements, reports, and schedules that make it easy to prepare these items by simply filling in the blanks Proven techniques to help you become a smarter, sharper, and more accurate test taker This publication may also be useful to university students enrolled in Intermediate, Advanced and Cost Accounting; Auditing, Business Law, and Federal Income Tax classes; or Economics and Finance Classes Good luck on the exam, Ray Whittington, PhD, CPA Preface viii About the Author Ray Whittington, PhD, CPA, CMA, CIA, is the dean of the Driehaus College of Business at DePaul University Prior to joining the faculty at DePaul, Professor Whittington was the Director of Accountancy at San Diego State University From 1989 through 1991, he was the Director of Auditing Research for the American Institute of Certified Public Accountants (AICPA), and he previously was on the audit staff of KPMG He previously served as a member of the Auditing Standards Board of the AICPA and as a member of the Accounting and Review Services Committee and the Board of Regents of the Institute of Internal Auditors Professor Whittington has published numerous textbooks, articles, monographs, and continuing education courses About the Contributor Kurt Pany, PhD, CPA, is a Professor of Accounting at Arizona State University His basic and advanced auditing courses provided the basis on which he received the Arizona Society of CPA’s Excellence in Teaching Award and an Arizona CPA Foundation Award for Innovation in the Classroom for the integration of computer and professional ethics applications His professional experience includes serving for four years on the AICPA’s Auditing Standards Board, serving as an academic fellow in the Auditing Division of the AICPA, and prior to entering academe, working as a staff auditor for Deloitte and Touche ix Calculating the Projected Misstatement 1) Determine items in sample containing misstatement 2) If item has dollar amount ≥ sampling interval, misstatement is added to projected misstatement 3) If item has dollar amount < sampling interval, effect of misstatement on projected misstatement must be calculated and added to the projected misstatement • Calculate a tainting factor = Amount of misstatement ÷ Dollar amount of item • Projected misstatement = Taint % × Sampling interval Focus on Audit Sampling—Module 268 AUDITING WITH TECHNOLOGY Responsibilities in an Information Technology Environment Audit objectives are the same when financial records are manual or developed in an information technology (IT) environment In an IT environment, the auditor should consider • • • • • Client use of computers in significant accounting applications Complexity of the entity’s computer operations Organizational structure of computer processing activities Availability of data Use of computer assisted audit techniques (CAATS) for audit procedures Focus on Auditing with Technology—Module 269 Controls in an IT Environment As a result of limited segregation of duties and a reduced paper audit trail, the auditor will often have to rely more heavily on the ability to reduce control risk rather than detection risk in order to keep audit risk at an acceptably low level The objectives of controls in an IT environment are • • • • • • Completeness Accuracy Validity Authorization Timeliness Integrity Controls will include general controls, application controls, input controls, processing controls, and output controls Focus on Auditing with Technology—Module 270 Auditing through the Computer Once the auditor obtains an understanding of internal control, a decision will be made as to the planned assessed level of control risk • • The auditor may plan to assess control risk at the maximum when the client’s computer system is relatively simple and there is a sufficient audit trail When the client’s computer system is complex, the lack of an audit trail may prevent the auditor from adequately reducing detection risk through the performance of substantive tests and the auditor will need to set control risk below the maximum This will require the performance of tests of controls in relation to those control activities on which the auditor intends to rely Focus on Auditing with Technology—Module 271 Testing General Control Activities The auditor will generally first test general control activities The auditor can test • • • • • Personnel policies by inspecting personnel manuals, observing the appropriate segregation of duties, and verifying restrictions on the access to the system through the use of passwords File security by inspecting external labels on files and using the computer to read internal labels, and observing the existence of lockout procedures and file protection Contingency plans by observing the existence of multiple generations of backup files, discussing disaster recovery plans with management, and observing the existence of a hot or cold site Facilities by observing the appropriateness of the location and the limitations on access and by confirming the existence of insurance Access to computer files by verifying the use of passwords to prevent unauthorized individuals from obtaining access Focus on Auditing with Technology—Module 272 Testing Application Control Activities If general controls are in place and operating effectively, reliance may also be placed on application control activities The auditor can test input and output controls largely through observation Processing controls, on the other hand, may be tested in a variety of ways In testing controls over the development of, and changes to, programs and systems design, the auditor might • • • • • Make inquiries of personnel Review minutes of meetings of computer staff and users Inspect documentation of testing performed before programs were put into use Review documentation of program changes and compare them to management approvals Inspect manuals being used by operators and other users Focus on Auditing with Technology—Module 273 Testing Application Control Activities (continued) Computer assisted audit techniques, or CAATs, are used to test the operation of software These include test data, controlled programs, integrated test facilities, program analysis, tagging and tracing, and generalized audit software programs Test data includes one example of each type of exception and is run through the company’s computer programs The auditor compares results to expected results to evaluate the processing of the data and handling of exceptions Controlled programs are copies of the client’s programs that are under the control of the auditor The auditor processes the client’s data using these programs and compares the results to those of the client to evaluate the client’s processing of the data Using an integrated test facility, fictitious and real transactions are processed simultaneously using the client’s system The auditor can review the client’s processing of the data to evaluate the effectiveness of the programs Focus on Auditing with Technology—Module 274 Testing Application Control Activities (continued) Program analysis techniques involve the use of software that will allow the computer to generate flowcharts of other programs The auditor can examine the flowcharts to evaluate the effectiveness of the client’s programs By tagging transactions, they may be traced through the system and the auditor is provided a printout of the steps followed in processing them Generalized audit software packages test the reliability of the client’s programs These packages are used to perform many specific audit procedures One application is parallel simulation in which the software is designed to process data in a manner that is essentially the same as that used by the client’s program Focus on Auditing with Technology—Module 275 Auditing with the Computer The auditor may use the computer to perform substantive tests Once the auditor has access to the client’s data, the computer can be used to • • • • • Examine the client’s data for validity, completeness, and accuracy Rearrange and analyze the client’s data Select client data for audit samples Compare similar data contained in two or more of the client’s files to identify discrepancies Compare the results of audit procedures, such as test counts, to the client’s data The use of computers in the performance of an audit does not change the auditor’s responsibility to adhere to the standards of fieldwork Methods, however, may change There may be a reduction in the use of working papers to reduce the auditor’s ability to observe the details of calculations when reviewing the work of staff assistants Focus on Auditing with Technology—Module 276 Index Accounting and Review Services, 233 Accounting Cycles, 83 Accounting Estimates, 140 Actions Resulting from Evidence of Fraud, 52 Allowable Risk of Incorrect Acceptance, 263 Analytical Procedures, 103,244 Assessing Control Risk, 67 Assessing Risk of Fraud, 46 Assurance Provided by Auditor, 53 Attestation Engagements, 200, 220, 231 Attribute Sampling, 258–259 Audit Committee, 93, 28 Audit Reports, 157 Audit Risk, 33 Audit Risk Model, 36 Auditing Accounts Payable and Purchases, 125–127 Auditing Accounts Receivable and Sales, 117–121 Auditing Cash, 114–116 Auditing Equity, 137–139 Auditing Inventory, 122–124 Auditing Investments and Investment Income, 128–130 Auditing Long-Term Debt and Interest Expense, 134–136 Auditing Property, Plant, and Equipment, 131–133 Auditing Specific Accounts, 109 Auditing through the Computer, 271 Auditing with the Computer, 276 Communication with Predecessor Auditor, 54 Comparative Financial Statements, 183, 184, 252 Compilation Report, 239 Compilations, 240 Components of Audit Risk, 35 277 Components of Internal Control, 65 Condensed Financial Statements and Selected Data, 194 Consideration of Fraud in a Financial Statement Audit, 40 Consideration of Internal Control, 64 Control Activities, 6, 272 Control Environment, 69 Controls in an IT Environment, 270 Department of Labor Independence Requirements for Employee Benefit Plans, 30 Departures from GAAP, 176–177, 247 Documentation, 51 Documentation of Internal Control, 1–82 Downgrading Engagements, 251 Effects of Fraud Assessment, 48 Engagement Letter, 55–56 Evaluation of Misstatements, 39 Financial Statement Preparation, 234–235 Financial Statement Reviews, 241–243 Flowcharts, 74 Fraud and Illegal Acts in Compilation or Review Engagements, 248 Fraud Risk Factors, 42–46 Further Reducing the Assessed Level of Control Risk, 80 GAO Code of Ethics, 25 Government Auditing Standards, 222 Governmental Auditing, 221 Inconsistencies, 185 Independence, 11–19, 17 Index 278 Information and Communication, 68 Institute of Internal Auditors Code of Ethics, 26 Internal Control Questionnaire, 75 International Auditing and Assurance Standards, 31 International Ethics Standards, 29 Issues Related to Substantive Testing, 140 Letters to Underwriters, 196 Litigation, Claims and Assessments, 145 Major Federal Programs, 225 Management Representations, 143–144 Materiality, 37–38 Monitoring, 68 Nature, Timing, and Extent of Audit Evidence, 98–99 Nonattest Services, 18–19 Omitted Procedures, 155 Other Responsibilities and Practices, 21 PCAOB Audit Standard 156 Planning Compilations, 238 Planning Considerations, 57 Probability Proportional to Size (PPS) Sampling, 265 Professional Responsibilities, Prospective Financial Statements, 201–203 Purchases and Spending Cycle, 86–87 Quality Control, 22 Related Parties, 148 Relationship of Control Risk to Tests of Controls, 79 Reliability, 97 Index 279 Reporting on Pro Forma Financial Information, 204 Reports on Internal Control in Connection with an Integrated Audit, 208–216 Reports under the SAA, 228 Responsibilities in an Information Technology Environment, 269 Responsibilities to Clients, 20 Responsibility to Detect and Report Illegal Acts, 49–52 Revenue Cycle, 85 Review Report, 246 Reviews, 1–243 Risk Assessment, 67 Sampling, 253 Sampling Risk, 253 Sampling Risk and Substantive Tests, 256 Sampling Risk and Tests of Control, 254–255 Sarbanes-Oxley Act, 27 Scope Limitations, 179 Separate Engagements on Internal Control, 217 Single Audit Act, 221,224 Special Reports Financial forecasts and projections, 201–203 Pro forma financial information, 204 Specialists, 60–61 Standard Report—An Unqualified Opinion, 160 Standards for Consulting Services, 24 Statements Used in Other Countries, 195 Steps in Consideration of Fraud, 41 Subsequent Discovery of Facts, 154 Subsequent Events, 152–153 Summary of Relationship among GAAS, GAS, and SAA, 229 Index 280 Tax Preparer, 23 Test of Balances Approach, 111 Test of Transactions Approach, 112 Testing Application Control Activities, 273–275 Testing General Control Activities, 272 Tests of Controls, 77–78 Timing of Audit Procedures, 100 Types of Fraud, 40 Types of Statistical Sampling, 257 Types of Substantive Tests, 102 Understanding of the Client and Its Environment, 59 Understanding the Design of Internal Control, 72–73 Using Management Assertions to Develop Audit Programs, 109 Variables Sampling, 262 Variations of Attribute Sampling, 261 Working Papers, 149–151 Index 281 WILEY END USER LICENSE AGREEMENT Go to www.wiley.com/go/eula to access Wiley’s ebook EULA .. .2016 Wiley CPAexcel ® exam review FOCUS NOTES 2016 Wiley CPAexcel ® exam review FOCUS NOTES Auditing and Attestation Cover Design: Wiley Cover image: © turtleteeth/iStockphoto Copyright © 2016. .. Understanding, and Assessing Risks Understanding Internal Control and Assessing Control Risk Responding to Risk Assessment: Evidence Accumulation and Evaluation Reporting Accounting and Review. .. tested on the CPA exam and teaches important strategies to take the exam faster and more accurately This tool allows you to take control of the CPA exam This simplified and focused approach to