2014 Wiley ® CPAexcel EXAM REVIEW FOCUS NOTES 2014 Wiley ® CPAexcel EXAM REVIEW FOCUS NOTES AUDITING AND ATTESTATION Cover Design by David Riedy Cover image: © turtleteeth/iStockphoto Copyright © 2014 by John Wiley & Sons, Inc All rights reserved Published by John Wiley & Sons, Inc., Hoboken, New Jersey Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-7504470, or on the Web at www.copyright.com Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, 201-748-6011, fax 201-748-6008, or online at http:// www.wiley.com/go/permission Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose No warranty may be created or extended by sales representatives or written sales materials The advice and strategies contained herein may not be suitable for your situation You should consult with a professional where appropriate Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages For general information on our other products and services, or technical support, please contact our Customer Care Department within the United States at 800-762-2974, outside the United States at 317-572-3993 or fax 317-573-4002 Wiley also publishes its books in a variety of electronic formats Some content that appears in print may not be available in electronic books For more information about Wiley products, visit our Web site at http://www.wiley.com ISBN: 978-1-118-81683-7 (paperback); 978-1-118-85422-8 (ebk); 978-1-118-87198-0 (ebk) Printed in the United States of America 10 CONTENTS Preface About the Author About the Contributor Module 1: Module 2: Module 3: Module 4: Module 5: Module 6: Module 7: Module 8: Index Professional Responsibilities Engagement Planning, Obtaining an Understanding, and Assessing Risks Understanding Internal Control and Assessing Control Risk Responding to Risk Assessment: Evidence Accumulation and Evaluation Reporting Accounting and Review Services Audit Sampling Auditing with Technology vii ix ix 22 50 96 160 223 239 255 263 v PREFACE This publication is a comprehensive, yet simplified study program It provides a review of all the basic skills and concepts tested on the CPA exam and teaches important strategies to take the exam faster and more accurately This tool allows you to take control of the CPA exam This simplified and focused approach to studying for the CPA exam can be used: • • • As a handy and convenient reference manual To solve exam questions To reinforce material being studied Included is all of the information necessary to obtain a passing score on the CPA exam in a concise and easy-to-use format Due to the wide variety of information covered on the exam, a number of techniques are included: • Acronyms and mnemonics to help candidates learn and remember a variety of rules and checklists • • Formulas and equations that simplify complex calculations required on the exam Simplified outlines of key concepts without the details that encumber or distract from learning the essential elements vii • • • Techniques that can be applied to problem solving or essay writing, such as preparing a multiple-step income statement, determining who will prevail in a legal conflict, or developing an audit program Pro forma statements, reports, and schedules that make it easy to prepare these items by simply filling in the blanks Proven techniques to help you become a smarter, sharper, and more accurate test taker This publication may also be useful to university students enrolled in Intermediate, Advanced and Cost Accounting; Auditing, Business Law, and Federal Income Tax classes; or Economics and Finance Classes Good luck on the exam, Ray Whittington, PhD, CPA Preface viii Calculating the Projected Misstatement 1) Determine items in sample containing misstatement 2) If item has dollar amount ≥ sampling interval, misstatement is added to projected misstatement 3) If item has dollar amount < sampling interval, effect of misstatement on projected misstatement must be calculated and added to the projected misstatement • Calculate a tainting factor = Amount of misstatement ÷ Dollar amount of item • Projected misstatement = Taint % × Sampling interval Focus on Audit Sampling—Module 254 RESPONSIBILITIES IN AN INFORMATION TECHNOLOGY ENVIRONMENT Audit objectives are the same when financial records are manual or developed in an information technology (IT) environment In an IT environment, the auditor should consider • • • • • Client use of computers in significant accounting applications Complexity of the entity’s computer operations Organizational structure of computer processing activities Availability of data Use of computer assisted audit techniques (CAATS) for audit procedures Focus on Auditing with Technology—Module 255 Controls in an IT Environment As a result of limited segregation of duties and a reduced paper audit trail, the auditor will often have to rely more heavily on the ability to reduce control risk rather than detection risk in order to keep audit risk at an acceptably low level The objectives of controls in an IT environment are • • • • • • Completeness Accuracy Validity Authorization Timeliness Integrity Controls will include general controls, application controls, input controls, processing controls, and output controls Focus on Auditing with Technology—Module 256 Auditing through the Computer Once the auditor obtains an understanding of internal control, a decision will be made as to the planned assessed level of control risk • • The auditor may plan to assess control risk at the maximum when the client’s computer system is relatively simple and there is a sufficient audit trail When the client’s computer system is complex, the lack of an audit trail may prevent the auditor from adequately reducing detection risk through the performance of substantive tests and the auditor will need to set control risk below the maximum This will require the performance of tests of controls in relation to those control activities on which the auditor intends to rely Focus on Auditing with Technology—Module 257 Testing General Control Activities The auditor will generally first test general control activities The auditor can test • • • • • Personnel policies by inspecting personnel manuals, observing the appropriate segregation of duties, and verifying restrictions on the access to the system through the use of passwords File security by inspecting external labels on files and using the computer to read internal labels, and observing the existence of lockout procedures and file protection Contingency plans by observing the existence of multiple generations of backup files, discussing disaster recovery plans with management, and observing the existence of a hot or cold site Facilities by observing the appropriateness of the location and the limitations on access and by confirming the existence of insurance Access to computer files by verifying the use of passwords to prevent unauthorized individuals from obtaining access Focus on Auditing with Technology—Module 258 Testing Application Control Activities If general controls are in place and operating effectively, reliance may also be placed on application control activities The auditor can test input and output controls largely through obser vation Processing controls, on the other hand, may be tested in a variety of ways In testing controls over the development of, and changes to, programs and systems design, the auditor might • • • • • Make inquiries of personnel Review minutes of meetings of computer staff and users Inspect documentation of testing performed before programs were put into use Review documentation of program changes and compare them to management approvals Inspect manuals being used by operators and other users Focus on Auditing with Technology—Module 259 Testing Application Control Activities (continued) Computer assisted audit techniques, or CAATs, are used to test the operation of software These include test data, controlled programs, integrated test facilities, program analysis, tagging and tracing, and generalized audit software programs Test data includes one example of each type of exception and is run through the company’s computer programs The auditor compares results to expected results to evaluate the processing of the data and handling of exceptions Controlled programs are copies of the client’s programs that are under the control of the auditor The auditor processes the client’s data using these programs and compares the results to those of the client to evaluate the client’s processing of the data Using an integrated test facility, fictitious and real transactions are processed simultaneously using the client’s system The auditor can review the client’s processing of the data to evaluate the effectiveness of the programs Focus on Auditing with Technology—Module 260 Testing Application Control Activities (continued) Program analysis techniques involve the use of software that will allow the computer to generate flowcharts of other programs The auditor can examine the flowcharts to evaluate the effectiveness of the client’s programs By tagging transactions, they may be traced through the system and the auditor is provided a printout of the steps followed in processing them Generalized audit software packages test the reliability of the client’s programs These packages are used to perform many specific audit procedures One application is parallel simulation in which the software is designed to process data in a manner that is essentially the same as that used by the client’s program Focus on Auditing with Technology—Module 261 Auditing with the Computer The auditor may use the computer to perform substantive tests Once the auditor has access to the client’s data, the computer can be used to • • • • • Examine the client’s data for validity, completeness, and accuracy Rearrange and analyze the client’s data Select client data for audit samples Compare similar data contained in two or more of the client’s files to identify discrepancies Compare the results of audit procedures, such as test counts, to the client’s data The use of computers in the performance of an audit does not change the auditor’s responsibility to adhere to the standards of fieldwork Methods, however, may change There may be a reduction in the use of working papers to reduce the auditor’s ability to observe the details of calculations when reviewing the work of staff assistants Focus on Auditing with Technology—Module 262 INDEX Accounting and Review Services, 223 Accounting Estimates, 141 Actions Resulting from Evidence of Fraud, 41 Allowable Risk of Incorrect Acceptance, 249 Analytical Procedures, 103, 104, 105, 106, 107, 108, 109 Assessing Control Risk, 62 Assessing Risk of Fraud, 36 Assurance Provided by Auditor, 42 Attestation Engagements, 221 Attribute Sampling, 244 Audit Committee, 90, 92, 93, 94 Audit Reports, 160 Audit Risk, 23 Audit Risk Model, 26 Auditing Accounts Payable & Purchases, 126, 127, 128 Auditing Accounts Receivable & Sales, 118, 119, 120, 121, 122 Auditing Cash, 115, 116, 117 Auditing Equity, 138, 139, 140 Auditing Inventory, 123, 124, 125 Auditing Investments & Investment Income, 129 Auditing Long-Term Debt & Interest Expense, 135 Auditing Property, Plant, & Equipment, 132 Auditing Specific Accounts, 110, 111 Auditing through the Computer, 257 Auditing with the Computer, 262 Communication with Predecessor Auditor, 43 Comparative Financial Statements, 185, 186, 238 Compilation Report, 226 263 Compilations, 223 Components of Audit Risk, 25 Components of Internal Control, 51 Condensed Financial Statements & Selected Data, 196 Consideration of Fraud in a Financial Statement Audit, 30 Consideration of Internal Control, 50 Control Activities, 52 Control Environment, 55 Controls in an IT Environment, 256 Department of Labor Independence Requirements for Employee Benefit Plans, 20 Departures from GAAP, 178 Documentation, 40 Documentation of Internal Control, 67 Downgrading Engagements, 237 Effects of Assessment, 37 Effects of Substantive Tests on Detection Risk, 99 Emphasis of an Uncertainty, 170, 171 Engagement Letter, 44 Evaluation of Misstatements, 29 Financial Statement Compilations Planning, 225 Financial Statement Reviews, 228 Flowcharts, 60 Fraud and Illegal Acts in Compilation or Review Engagements, 235 Fraud Risk Factors, 32 Further Reducing the Assessed Level of Control Risk, 66 GAO Code of Ethics, 15 General Standards and Accounting Principles, Government Auditing Standards, 212 Governmental Auditing, 211 Inconsistencies, 168, 169 Index 264 Independent Auditor, Information & Communication, 54 Institute of Internal Auditors Code of Ethics, 16 Internal Control Questionnaire, 61 International Auditing and Assurance Standards, 21 International Ethics Standards, 19 Issues Related to Substantive Testing, 141 Letters to Underwriters, 198 Litigation, Claims & Assessments, 148 Major Federal Programs, 215 Management Representations, 144 Materiality, 27, 28 Monitoring, 54 Nature, Timing, & Extent of Evidential Matter, 98, 99 Nonattest Services, Omitted Procedures, 158 Other Cycles, 89 Other Responsibilities and Practices, 12 PCAOB Audit Standard, 69 Audit Standard 1, 163 Planning Considerations & Procedures, 46 Probability Proportional to Size (PPS) Sampling, 251 Professional Responsibilities, Prospective Financial Statements, 203 Purchases & Spending Cycle, 84, 85, 86 Quality Control, 49 Related Parties, 151 Relationship of Internal Control to Audit Procedures, 57, 65 Relationship of Objectives to Risk Assessment & Control Activities, 56 Reliability, 97 Reporting on Pro Forma Financial Information, 206 Index 265 Reports on Internal Control in Connection with Audit, 69 Reports under the SAA, 218 Requirements for Evaluation of Internal Control, 91 Responsibilities in an Information Technology Environment, 255 Responsibilities to Clients, 11 Responsibility to Detect & Report Illegal Acts, 38, 39, 40, 41 Revenue Cycle, 82 Review Report, 233 Reviews, 232 Analytics, 231 Risk Assessment, 53 Sampling, 239 Sampling Risk, 239 Sampling Risk & Substantive Tests, 242 Sampling Risk & Tests of Control, 240, 241 Sarbanes-Oxley Act, 17 Scope Limitations, 181 Separate Engagements on Internal Control, 78 Single Audit Act, 214 Special reports Financial forecasts and projections, 201 Pro forma financial information, 201 Specialists, 146 Standard Report – An Unqualified Opinion, 161, 162 Standards for Consulting Services, 14 Statements Used in Other Countries, 197 Steps in Consideration of Fraud, 31 Subsequent Discovery of Facts, 157 Subsequent Events, 155, 156 Summary of Relationship Among GAAS, GAS, & SAA, 219 Tax Preparer, 13 Test of Balances Approach, 112 Index 266 Test of Transactions Approach, 113, 114 Testing Application Control Activities, 259, 260, 261 Testing General Control Activities, 258 Tests of Controls, 63 Timing of Audit Procedures, 100 Types of Fraud, 30 Types of Statistical Sampling, 243 Types of Substantive Tests, 101, 102 Understanding of Client’s Operations, Business, & Industry, 48 Understanding the Design of Internal Control, 58 Using Management Assertions to Develop Audit Programs, 110 Variables Sampling, 248 Variations of Attribute Sampling, 247 Working Papers, 152 Index 267 ... 2014 Wiley ® CPAexcel EXAM REVIEW FOCUS NOTES 2014 Wiley ® CPAexcel EXAM REVIEW FOCUS NOTES AUDITING AND ATTESTATION Cover Design by David Riedy... Pany, PhD, CPA, is a Professor of Accounting at Arizona State University His basic and advanced auditing courses provided the basis on which he received the Arizona Society of CPA s Excellence... experience includes serving for four years on the AICPA’s Auditing Standards Board, serving as an academic fellow in the Auditing Division of the AICPA, and prior to entering academe, working as a