Register now to access 7 million high quality study materials (What's Course Hero?) Course Hero is the premier provider of high quality online educational resources. With millions of study documents, online tutors, digital flashcards and free courseware, Course Hero is helping students learn more efficiently and effectively. Whether you're interested in exploring new subjects or mastering key topics for your next exam, Course Hero has the tools you need to achieve your goals.
15 Pages
Chapter 7 Lecture Notes (Questions & Answers)
Course: ACTG 414, Spring 2012School: University of Maryland...
Rating:
Word Count: 6591
Document Preview
414 ACTG Chapter 7 Lecture Notes (Messier 8e) Question 1: What are managements responsibilities under Section 404 of the Sarbanes-Oxley Act concerning internal control? Answer 1: Section 404 of the Sarbanes-Oxley Act requires management of a publicly traded company to issue an internal control report that explicitly accepts responsibility for establishing and maintaining adequate internal control over financial...
Unformatted Document Excerpt
Coursehero >> Maryland >> University of Maryland Baltimore >> ACTG 414Course Hero has millions of student submitted documents similar to the one
below including study guides, practice problems, reference materials, practice exams, textbook help and tutor support.
Course Hero has millions of student submitted documents similar to the one
below including study guides, practice problems, reference materials, practice exams, textbook help and tutor support.
414 ACTG Chapter 7 Lecture Notes (Messier 8e)
Question 1: What are managements responsibilities under Section 404 of the Sarbanes-Oxley Act
concerning internal control?
Answer 1: Section 404 of the Sarbanes-Oxley Act requires management of a publicly traded
company to issue an internal control report that explicitly accepts responsibility for establishing
and maintaining adequate internal control over financial reporting (ICFR). Management must
also issue an assertion as to whether ICFR is effective as of the end of the fiscal year. The Act
provides no guidance on what constitutes adequate internal control, so the SEC and PCAOB were
left to address the issue of adequacy. The assessment is to be made as of a specific point in time
that is, as of the end of the accounting period. Therefore, managements assessment does not cover
the entire year. This has implications for the timing of both managements and the auditors work
and the handling of any control deficiencies discovered during the year. The as-of nature of the
assessment allows management to remediate deficiencies discovered prior to year-end and still
receive an unqualified opinion on ICFR. It also has implications for the use of the auditors
internal control work for financial statement audit purposes.
Management must comply with the following requirements in order for its registered public
accounting firm (the external auditor) to complete an audit of ICFR:
Accept responsibility for the effectiveness of the entitys ICFR.
Evaluate the effectiveness of the entitys ICFR using suitable control criteria.
Support the evaluation with sufficient evidence, including documentation.
Present a written assessment regarding the effectiveness of the entitys ICFR as of
the end of its most recent fiscal year.
Management cannot conclude that its ICFR is effective if managements testing has identified any
material weaknesses. Management is required to disclose all material weaknesses that exist as of
the end of the year. Note that management can accurately represent that ICFR is effective as of the
end of the year even if one or more material weaknesses existed during the period, if corrections
were made to eliminate any material weaknesses which have been satisfactorily tested over a
sufficient period of time to determine whether ICFR is effective as of the end of the fiscal year.
Question 2: What are the auditors responsibilities under Section 404 (and AS 5) concerning
internal control?
Answer 2: Section 404 requires the entitys auditor to audit managements assertion about the
effectiveness of ICFR. AS 5 states that the auditor must conduct an integrated audit of the
entitys ICFR and its financial statements. While the engagement is integrated, the two audits have
different objectives. AS 5 states that the objective in an audit of ICFR is to express an opinion on
the effectiveness of the companys ICFR, while the objective in a financial statement audit is to
express an opinion on whether the financial statements are fairly stated in accordance with GAAP.
To form a basis for expressing an opinion on the effectiveness of ICFR, the auditor must plan and
1
perform the audit to obtain reasonable assurance about whether the entity maintained, in all
material respects, effective internal control as of the date specified in managements assessment.
Reasonable assurance in this context recognizes that no system of internal control is perfect and
that there is a remote likelihood that material misstatements will not be prevented or detected on a
timely basis, even if controls are, in fact, effective. While reasonable assurance is not absolute
assurance, in this context, it indicates a high level of assurance.
Question 3: What is internal control over financial reporting and who is responsible for the ICFR?
Answer 3: Chapter 6 presented the COSO definition of internal control. In addition to the
reliability of financial reporting objective, the COSO framework also includes objectives in two
other categories: (1) effectiveness and efficiency of operations and (2) compliance with laws and
regulations.
For purposes of both managements assessment and the audit of internal control, the PCAOB
defines ICFR as:
A process designed by, or under the supervision of, the companys principal executive and
principal financial officers, or persons performing similar functions, and effected by the
companys board of directors, management, and other personnel, to provide reasonable
assurance regarding the reliability of financial reporting and the preparation of financial
statements for external purposes in accordance with GAAP, and includes those policies and
procedures that (AS 5):
1.
Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect
the transactions and dispositions of the assets of the company;
2.
Provide reasonable assurance that transactions are recorded as necessary to permit
preparation of financial statements in accordance with generally accepted accounting principles,
and that receipts and expenditures of the company are being made only in accordance with
authorizations of management and directors of the company; and
3.
Provide reasonable assurance regarding prevention or timely detection of unauthorized
acquisition, use or disposition of the companys assets that could have a material effect on the
financial statements.
The CEO and CFO are responsible for the reliability of ICFR and the preparation of the financial
statements. It is the responsibility of the board of directors and management to implement an
effective internal control system. Note that the objectives of internal control in the PCAOBs
definition are much more specific than the objectives listed in the COSO definition. Items 1 and 2
relate directly to controls for initiating, authorizing, recording, processing, and reporting
significant accounts and disclosures and related assertions embodied in the financial statements,
while item 3 concerns controls over safeguarding assets.
Question 4: What are internal control deficiencies and what dimensions of misstatement could
result from a control deficiency?
Answer 4: A control deficiency exists when the design or operation of a control does not allow
management or employees, in the normal course of performing their assigned functions, to prevent
2
or detect misstatements on a timely basis. A design deficiency exists when (1) a control necessary
to meet the relevant control objective is missing or (2) an existing control is not properly designed
so that, even if the control operates as designed, the control objective would not be met. A
deficiency in operation exists when a properly designed control does not operate as designed or
when the person performing the control does not possess the necessary authority or qualifications
to perform the control effectively.
The focus of the audit of ICFR is on deficiencies that are serious enough that there is a reasonable
possibility (as defined in FAS 5) that a material misstatement of the financial statements could
result.
A material weakness is a deficiency, or combination of deficiencies, in ICFR, such that there is a
reasonable possibility that a material misstatement of the annual or interim financial statements
will not be prevented or detected on a timely basis.
A significant deficiency is a control deficiency, or combination of control deficiencies, in ICFR
that is less severe than a material weakness, yet important enough to merit attention by those
responsible for oversight of the companys financial reporting.
There are two dimensions of the control deficiency likelihood and magnitude of misstatements
that could result from a control deficiency. The likelihood of an event is a reasonable possibility
if it is either reasonable possible or probable. The magnitude of a financial statement misstatement
from a control deficiency is based on the same concept of materiality as used in determining
financial statement materiality (material, not material but significant, and not material or
significant). Note that both concepts are subjective and require the application of professional
judgment.
Question 5: What does managements assessment process include and what are managements
reporting responsibilities?
Answer 5: In order to issue a report on the effectiveness of internal control, management needs to
first design and implement an effective system of ICFR and then develop an ongoing assessment
process. To assist management, the SEC issued guidance for evaluating and assessing ICFR. The
SECs guidance provides a top-down, riskbased approach for management to follow in evaluating
and assessing ICFR. The purpose of the evaluation of ICFR is to provide management with a
reasonable basis for its assessment as to whether any material weakness in ICFR exist as of the end
of the period. The evaluation process has three steps:
1.
2.
3.
Identify financial reporting risks and related controls.
Evaluate evidence about the operating effectiveness of ICFR.
Consider which locations to include in the evaluation.
In determining its reporting responsibilities, management first evaluates the severity of any control
deficiencies identified. Management must consider the likelihood of and degree to which the
financial statements could be misstated by the control failure. Managements assessment process
involves special consideration of two topics service organizations and safeguarding assets.
Advanced Module 1 discusses each of these topics in detail.
3
If a control deficiency is determined to be a material weakness, management must disclose the
material weakness in its assessment of the effectiveness of ICFR on an annual basis. The
disclosure about the material weakness(es) should include the following:
The nature of the material weakness(es).
The impact on the companys financial reporting and its ICFR.
Managements current plans, if any, for remediation of the material weakness.
Note that before deciding whether a significant deficiency or material weakness exists, AS 5
requires the auditor to evaluate the effectiveness of compensating controls. To have a mitigating
effect, the compensating control should operate at a level of precision that would prevent or detect
a misstatement that could be material (AS 5, 68).
Any control deficiency that is considered a significant deficiency or material weakness should be
reported to the audit committee and the external auditor. Exhibit 7-1 provides an example
management report.
Question 6: What framework can be used by management to conduct its assessment of internal
control?
Answer 6: Management is required to base its assessment of the effectiveness of the entitys ICFR
on a suitable, recognized control framework established by a body of experts that follows dueprocess procedures. In the United States, most entities use the framework developed by COSO.
According to COSOs Internal Control Integrated Framework, internal control is designed and
effected by an entity's board of directors, management, and other personnel to provide reasonable
assurance about the achievement of the entity's following objectives:
1.
2.
3.
4.
Reliable financial reporting;
Efficient and effective operations;
Compliance with all laws and regulations;
Assets are safeguarded.
Question 7: How does the auditor integrate the audits of ICFR and financial statements?
Answer 7: The overall goal of an ICFR audit is to obtain sufficient evidence about the design and
operating effectiveness of control. The auditor does this by planning and performing the audit of
ICFR to obtain reasonable assurance that any deficiencies rising to the level of a material weakness
are identified.
While the audit of ICFR and the audit of financial statements have different objectives, the auditor
must plan and perform the audit work to achieve the objectives of both audits. To that end, the
auditor should design tests of controls to accomplish the objectives of both audits simultaneously.
The purpose of tests of controls in an audit of ICFR is to provide evidence on the effectives of the
entitys controls over financial reporting as of the end of the reporting period. The purpose of tests
of controls in an audit of financial statements is to assist the auditor in assessing control risk,
which in turn affects the nature, timing, and extent of the auditors substantive tests.
4
The auditor should incorporate the results of tests of controls in the audit of ICFR into the tests of
controls for the audit of the financial statements and should use those results for determining the
nature, timing, and extent of substantive procedures. Similarly, the auditor should consider the
results of substantive procedures on the conclusions about the effectiveness of ICFR. The steps in
the audit of ICFR include (Figure 7-2):
Step 1: Plan the engagement.
Step 2: Identify controls to test using a top-down, risk-based approach.
Step 3: Test the design and operating effectiveness of selected controls.
Step 4: Evaluate identified control deficiencies.
Step 5: Form an opinion on the effectiveness of ICFR.
Question 8: What is included in the process for planning an audit of ICFR?
Answer 8: In planning the engagement, the auditor considers the following activities:
Risk assessment. The role of risk assessment and the risk of fraud include
identification of significant accounts and disclosures and relevant assertions, the selection of
controls to test, and the determination of evidence necessary for a given control. Note that the
auditor should devote more attention to areas that have a high risk of a material weakness. A major
part of risk assessment is assessing the risk of fraud (SAS No. 99). The auditor should evaluate the
risk of material misstatement due to fraud and the risk of management override of controls. AS 5
points out that the following controls might address the risk of fraud and management override:
Controls over significant, unusual transactions, particularly those that result
in late or unusual journal entries.
Controls over journal entries and adjustments made in the period-end
financial reporting process.
Controls over related-party transactions.
Controls related to significant management estimates.
Controls that mitigate incentives for, and pressures on, management to
falsify or inappropriately manage financial results.
Scaling the audit. AS 5 clearly specifies that the size and complexity of the
company, its business processes, the business units, may affect the way in which the company
achieves many of its control objectives. Allowing the concepts behind achieving effective internal
control to be appropriately scaled to companies of different size and complexity is an extension of
the risk-based approach of auditing.
Using the work of others. AS 5 allows the auditor to use the work performed by, or
receive direct assistance from internal auditors, company personnel, and third parties working for
management or the audit committee. If the work of others is to be used, the auditor should assess
the competence and objectively of the persons whose work will be used (see Table 5-2 for
assessing competence and objectively). The nature and risk associated with the control being tested
5
also plays a role in using the work of others. As the risk associated with the control increases, the
auditor should perform more of the work. Note that the auditor should test some of the work
performed by others to evaluate the quality and effectiveness of their work.
Materiality. In planning the audit of ICFR and determining magnitude in
evaluating the seriousness of a control deficiency, the auditor should use the same materiality
considerations that were used for planning the audit of financial statements.
Question 9: What does it mean to use a top-down approach for understanding ICFR?
Answer 9: Obtaining an understanding of ICFR as part of an audit of internal control is similar to
the process for understanding internal control described in Chapter 6, except that the understanding
needed for an audit of internal control is more extensive. The procedures the auditor can perform
to obtain an understanding of specific controls include:
1.
2.
3.
4.
inquiring of appropriate management, supervisory, and staff personnel;
inspecting company documents;
observing the application of specific controls; and
tracing transactions through the information system.
The auditor should follow a top-down approach in obtaining an understanding of ICFR. A
top-down approach includes:
Identify entity-level controls (see Table 7-3). Two categories of entity-level
controls require evaluation by the auditor: (1) the control environment and (2) the period-end
financial reporting process. Because of its importance to effective ICFR, the auditor must evaluate
the control environment. In particular, the auditor should assess whether:
Managements philosophy and operating style promote effective ICFR.
Sound integrity and ethical values, particularly of top management, are
developed and understood.
The Board or audit committee understands and exercises oversight
responsibility over financial reporting and internal control.
Identify significant accounts and disclosures and their relevant assertions. The
auditor should identify significant accounts and disclosures and their relevant assertions. Risk
factors the auditor should evaluate include:
Size and composition of the account;
Susceptibility to misstatement due to errors or fraud;
Volume of activity, complexity, and homogeneity of the individual
transactions processed through the account or reflected in the disclosure;
6
Nature of the account or disclosure;
disclosure;
Accounting and reporting complexities associated with the account or
Exposure to losses in the account;
Possibility of significant contingent liabilities arising from the activities
reflected in the account or disclosure;
Existence of related-party transactions in the account; and
Changes from the prior period in account or disclosure characteristics.
Understand likely sources of misstatement. In order to understand the likely
sources of potential misstatements, and to assist in selecting controls to test, the auditor needs to do
the following:
Understand the flow of transactions related to the relevant assertions,
including how these transactions are initiated, authorized, processed, and recorded;
Identify the points within the entitys processes at which a misstatement
including a misstatement due to fraud could arise that, individually or in combination with other
misstatements, would be material;
Identify the controls that management has implemented to address these
potential misstatements;
Identify the controls that management has implemented over the prevention
or timely detection of unauthorized acquisition, use, or disposition of the companys assets that
could result in a material misstatement of the financial statements.
Because of the importance of achieving these objectives, the auditor should either
perform this work or closely supervise the work of others who provide direct
assistance to the auditor.
Performing walkthroughs is often the best way to achieve these objectives. To
perform a walkthrough, the auditor traces a transaction from origination through the
entitys processes and information system until it is reflected in the entitys financial
reports. The auditor should make inquires of relevant personnel involved in
significant aspects of the process or controls.
Select controls to test. The auditor does not need to test all controls only those
controls that are important to the auditors conclusion about whether the entitys controls
sufficiently address the assessed risk of misstatement to each relevant assertion. Factors commonly
considered when identifying controls to test are summarized in Table 7-4. The auditor should
evaluate whether to test preventive controls, detective controls, or a combination of both.
7
Note that the auditor should document his or her understanding of the internal controls. Narratives,
questionnaires, flowcharts, or any combination of these tools can be used as documentation.
Question 10: What is included in testing the design effectiveness of controls?
Answer 10: Controls are effectively designed when they prevent or detect errors or fraud that
could result in material misstatements in the financial statements. The auditor should determine
whether the entity has controls to meet the objectives of the control criteria selected by
management (e.g., COSO). This is accomplished by first identifying the controls that satisfy each
of the entitys control objectives in each area and then determining whether the controls, if
operating properly, would be likely to prevent or detect errors of fraud that could result in material
misstatements in the financial statements (to ensure a proper alignment between controls and
risks). Once key controls are identified, the auditor evaluates design effectiveness through
(1) inquiry, (2) observation, (3) walkthroughs, (4) inspection of relevant documentation, and
(5) subjective evaluations of whether the controls are likely to prevent or detect errors or fraud that
could result in misstatements assuming they are operated as prescribed by qualified persons. Note
that the procedures performed by the auditor to test and evaluate design effectiveness might in
some cases provide evidence about operating effectiveness.
Question 11: What is included in testing and evaluating operating effectiveness of controls?
Answer 11: An auditor evaluates the operating effectiveness of a control by determining whether
the control is operating as designed and whether the person performing the control possesses the
necessary authority and to competence perform the control effectively. In testing the operating
effectiveness of controls, the auditor needs to consider the scope (nature, timing, and extent) of
testing. For each control selected for testing, the evidence necessary to persuade the auditor that
the control is effective depends on the risk associated with the control. The risk associated with a
control consists of the risk that the control might not be effective and, if not effective, the risk that
a material weakness would result. As the risk associated with the control being tested increases, the
quality and/or quantity of the evidence that the auditor should obtain also increases. Table 7-5
presents the factors that affected the risk associated with a control. The auditor must perform tests
of controls over a period of time that is adequate to determine whether the significant controls
were operating effectively as of the date indicated in management's report. The auditor should
consider the following factors when deciding on the extent of testing: (1) nature of the control;
(2) frequency of operation; and (3) importance of the control. Advanced Module 2 offers a
discussion of computer-assisted audit techniques available to the auditor in testing the operating
effectiveness of controls.
Question 12: What procedures are used to evaluate identified control deficiencies?
Answer 12: The auditor is required to evaluate the severity of each control deficiency. The
assessment of the significance of a control deficiency in ICFR depends on the potential for a
misstatement, not on whether a misstatement actually has occurred. The severity of a control
deficiency depends on two factors:
Whether there is a reasonable possibility that the companys controls will fail to
prevent or detect a misstatement of an account balance or disclosure (likelihood).
8
The magnitude of the potential misstatement results from the deficiency or
deficiencies.
Table 7-6 present the risk factors that affect whether there is a reasonable possibility that a control
deficiency, or a combination of control deficiencies, will result in a misstatement of an account
balance or disclosure. Factors that affect whether the magnitude of the misstatement might result in
a material weakness include: (1) the financial statement amounts or total of transactions exposed to
the deficiency and (2) the volume of activity in the account balance or class of transactions
exposed to the deficiency that has occurred in the current period or that is expected in future
periods.
Question 13: What are the indicators of a material weakness?
Answer 13: The indicators of a material weakness include (Table 7-7):
Identification of fraud, whether or not material, on the part of senior management;
Restatement of previously issued financial statements to reflect the correction of a
material misstatement;
Identification by the auditor of a material misstatement of financial statements in
the current period in circumstances that indicate that the misstatement would not have been
detected by the companys ICFR; and
Ineffective oversight of the companys external financial reporting and ICFR by the
companys audit committee.
Question 14: What must an entity do to remediate a material weakness?
Answer 14: When an entity determines that it has a material weakness, it should take steps to
correct it. This is referred to as remediation. If the material weakness cannot be corrected and/or
properly tested before the "as of" date, management and the auditor should each issue a report that
the ICFR is not operating effectively. If management corrects a material weakness before the "as
of" date, there must be sufficient time for both management and the auditor to adequately test the
operating effectiveness of the control. If there is sufficient time to remediate the material weakness
and the testing shows that the new control is operating effectively, management and the auditor can
issue a report that ICFR is operating effectively. Special disclosure of the remediation is required
when reporting in its Form 10-K reporting.
If there is not sufficient time, then neither management nor the auditor can conclude that ICFR is
effective. The auditor must obtain the following written representations from management related
to the audit of ICFR:
Question 15: What written representations must the auditor obtain from management related to the
audit of ICFR?
9
Answer 15: The auditor must obtain the following written representations from management
related to the audit of ICFR:
Management is responsible for establishing and maintaining effective ICFR.
Management has performed an evaluation and made an assessment of the
effectiveness of the companys ICFR and specifying the control criteria.
Management did not rely on work performed by the auditor in forming its
assessment of the effectiveness of ICFR.
Managements conclusion about the effectiveness of the entitys ICFR based on the
control criteria as a specified date.
Management has disclosed to the auditor all deficiencies in the design or operation
of ICFR identified as part of managements evaluation and has identified all such deficiencies that
it believes to be significant deficiencies or material weaknesses.
Descriptions of any material fraud and any other fraud that, although not material,
involves senior management or management or other employees who have a significant role in the
companys ICFR.
Control deficiencies identified and communicated to the audit committee during
previous engagements have (or have not) been resolved (and specifically identifying any that have
not).
Descriptions of any changes in ICFR or other factors that might significantly affect
ICFR, including any corrective actions taken by management with respect to significant
deficiencies and material weaknesses.
Failure to obtain written representations from management, including managements refusal to
furnish them, constitutes a limitation on the scope of the audit sufficient to preclude an unqualified
opinion. While the required representations are typically drafted by the auditor, they are addressed
to the auditor and are signed (and worded as if written) by the CEO and CFO.
Question 16: What audit documentation is required for ICFR?
Answer 16: The auditor should document the processes, procedures, judgments, and results
relating to the audit of internal control. The auditors documentation must include:
the auditors understanding and evaluation of the design of each of the components
of the entitys ICFR;
the process used to determine the points at which misstatements could occur within
significant accounts and disclosures;
10
the extent to which he or she relied upon work performed by others; and
the evaluation of any deficiencies discovered, as well as any other findings, that
could result in a modification to the auditors report.
Question 17: What is included in the auditors report on the effectiveness of the clients ICFR?
Answer 17: Once the auditor has completed the audit of ICFR, he or she must issue an opinion to
accompany managements assessment, and both are included in the companys annual report. The
auditors report contains an opinion on the effectiveness of ICFR based on the auditors
independent audit work. The basic options for the opinion on ICFR are unqualified or adverse. If
the scope of the auditors work is limited because of circumstances beyond the control of
management or the auditor, the auditor should disclaim an opinion or withdraw from the
engagement.
An auditor issues an unqualified opinion if the clients internal control is designed and operating
effectively in all material respects. Significant deficiencies do not require a departure from an
unqualified opinion because they relate to possible financial statement misstatements that are less
than material. If a material weakness is identified, the auditor issues an adverse opinion. Figure 7-4
provides an overview of the types of audit reports relating to the effectiveness of ICFR
[unqualified (free of any material weakness), adverse (material weakness), or disclaimer (scope
limitation).
The auditors report on the effectiveness of internal control includes:
Identifies managements conclusion about the effectiveness of the companys ICFR
and states that the assessment on which managements conclusion is based is the responsibility of
management;
Defines ICFR and indicates that the standards of the PCAOB require that the
auditor plan and perform the audit to obtain reasonable assurance about whether effective ICFR
was maintained in all material respects;
What an audit of ICFR entails and explicitly addresses the fact that even effective
internal control cannot guarantee that misstatements will be prevented or detected; and
Conclusions with the auditors opinion on whether the company maintained, in all
material respects, effective ICFR as of the end of the period.
The auditor may choose to issue separate reports on the companys financial statements and ICFR
or may issue a combined report. Under either approach, the date of the two reports should be the
same.
Note that it is possible for the auditor to issue an adverse opinion on ICFR, while at the same time
issuing an unqualified opinion on the financial statement audit. Such a conclusion is reached when
a clients internal control is not effective at preventing or detecting material errors, but the auditor
concludes (based on substantive procedures) that the clients financial statements do not contain
material misstatements. In other words, an identified material weakness does not actually result in
a misstatement in the financial statements or when a material weakness does result in a material
misstatement but the client corrects the misstatement prior to issuing the financial statements.
11
Whether or not the auditors opinion on the financial statements is affected by the adverse opinion
on the effectiveness of ICFR, the report on ICFR (or the combined report) should indicate that the
weakness was considered in determining the nature, timing, and extent of financial statement audit
tests in the paragraph that describes the material weakness. Such disclosure is important to ensure
the users of the auditors report on the financial statements understand why the auditor issued an
unqualified opinion on those statements.
Question 18: What should the auditor do if managements report is incomplete or improperly
presented?
Answer 18: If the auditor determines that elements of managements annual report on ICFR are
incomplete or improperly presented, the auditor should modify his or her report to include an
explanatory paragraph describing the reasons for this determination.
Question 19: What is the auditors responsibility for reporting subsequent events related to
internal control?
Answer 19: The auditor has a responsibility to report on any changes in internal control that might
affect financial reporting between the end of the reporting period and the date of the auditors
report. The auditors treatment of a subsequent event depends on whether the event reveals
information about a material weakness that existed as of the end of the reporting period or whether
the event creates or reveals information about a new condition that did not exist as of the end of the
reporting period.
Question 20: What should the auditor do when managements report contains additional
information about its ICFR?
Answer 20: When managements report on ICFR contains additional information (e.g., disclosures
about corrective actions taken, plans to implement new controls, etc.), the auditor should disclaim
an opinion on such information and include the following language as the last paragraph of the
report:
We do not express an opinion or any other form of assurance on the
managements statement referring to the costs and related benefits of
implementing new controls.
If the auditors believes that the additional information contains a material misstatement of fact, he
or she should discuss the matter with management. If the auditor concludes that a material
misstatement of facts remains after discussing it with management, he or she should notify the
audit committee in writing. The auditor should consider consulting the auditors legal counsel
about further actions to be taken, including the auditors responsibility under the Securities
Exchange Act of 1934.
Question 21: What action can the auditor take if the client reports on a remediated material
weakness at an interim date?
12
Answer 21: When the client remediates a material weakness after the financial statements have
been issued, the auditor can provide an interim opinion, rather than making a client wait twelve
months to receive a clean opinion regarding its ICFR in the next year-end report. The auditor can
attest as to whether the client has eliminated the cause of a previously issued adverse opinion
regarding ICFR.
Question 22: What other communications are required in an audit of ICFR?
Answer 22: The auditor must communicate in writing to management and the audit committee all
significant deficiencies and material weaknesses identified during the audit. The written
communication should be made prior to the issuance of the auditors report on ICFR. The auditors
communication should distinguish clearly between those matters considered to be significant
deficiencies and those considered to be material weaknesses. If a significant deficiency or material
weakness exists because the oversight by the companys audit committee is ineffective, the auditor
must communicate that specific significant deficiency or material weakness in writing to the board
of directors.
The auditor should communicate to management, in writing, all control deficiencies (deficiencies
that are of a lesser magnitude than significant deficiencies) identified during the audit and inform
the audit committee when such a communication has been made. Remember that the auditors role
is to identify material weaknesses, therefore, the auditor is not required to perform procedures to
identify control deficiencies that do not rise to the level of a material weakness.
The auditors written communication about control deficiencies states that the communication is
intended solely for the information and use of the board of directors, audit committee,
management, and others within the organization. When governmental authorities require the entity
to furnish such a report, a specific reference to such regulatory agencies may be made in the report.
These written communications also include the definitions of control deficiencies, significant
deficiencies, and material weaknesses and clearly identify the types of deficiencies being
communicated. The auditors communication may indicate that no material weaknesses were
identified if none were found, but because the auditors procedures were aimed at detecting
material weaknesses, the auditor may not represent that no significant deficiencies were noted
during an audit of internal control (theres always a risk based on reasonable assurance).
Question 23: What special issues should the auditor consider in an audit of internal control
(Advanced Module 1)?
Answer 23: The PCAOB specifies two areas that require special consideration by management
and the auditor during an audit of ICFR: service organizations and safeguarding assets.
Use of service organizations. Many companies use service organizations to
process transactions (e.g., payroll services). If the service organizations services make up part of a
companys information system, then they are considered part of the information and
communication component of the companys ICFR. Thus, both management and the auditor must
consider the activities of the service organization. Management and the auditor should perform the
following procedures with respect to the activities performed by the service organization: (1)
obtain an understanding of the controls at the service organization over the activities of the service
organization and (2) obtain evidence that the controls that are relevant to managements assertions
13
and the auditors opinion are operating effectively. Evidence about the operating effectiveness of
controls that are relevant may be obtained by performing tests of the user organizations control
over the activities of the service organization, performing tests of controls at the service
organization, or obtaining a service auditors report on the design and operating effectiveness of
controls placed in operation at the service organization (often referred to as a SAS No. 70 report).
If a service auditors report on controls is available, management and the auditor separately
evaluate whether this report provides sufficient evidence to support the assessment and opinion. If
the auditor concludes that additional evidence about the operating effectiveness of controls at the
service organization is required, the auditor should perform additional procedures.
Safeguarding of assets. Safeguarding of assets is defined in AS 5 as policies and
procedures that provide reasonable assurance regarding prevention or timely detection of
unauthorized acquisition, use or disposition of the companys assets that could have a material
effect on the financial statements. This definition is consistent with the definition in the COSO
framework.
Question 24: What are computer-assisted audit techniques (CAATs) (Advanced Module 2)?
Answer 24: Most accounting firms have groups of auditors specializing in information technology.
They often use computer-assisted audit techniques (CAATs) to assist the auditor in testing
transactions, account balances, and application controls. Many of these controls are embedded into
the clients computer programs and can thus be tested via CAATs. The auditor may also gain great
efficiencies by using CAATs to execute substantive procedures when the information is maintained
in machine-readable form. Three types of CAATs are discussed: generalized audit software (GAS),
custom audit software, and test data method.
Generalized audit software (GAS). Generalized audit software includes programs
that allow the auditor to perform tests on computer files and databases. ACL, which is packaged
with this text, is an example of a GAS program that is widely used in practice. GAS was developed
so that auditors would be able to conduct similar computer-assisted audit techniques in different IT
environments and computer systems. This type of software provides a high-level computer
language that allows the auditor to easily perform various functions on a clients computer files
and databases. GAS offers several advantages: (1) it is easy to use, (2) limited IT expertise or
programming skills are required, (3) the time required to develop the application is usually short,
and (4) an entire population can be examined, eliminating the need for sampling in some instances.
Among the disadvantages of GAS are that (1) it involves auditing after the client has processed the
data rather than while the data are being processed, (2) it provides a limited ability to verify
programming logic because its application is usually directed to testing client files or databases,
and (3) it is limited to audit procedures that can be conducted on data available in electronic form.
Custom Audit Software. Custom audit software is generally written by auditors for
specific audit tasks. Such programs are necessary when the entitys computer system is not
compatible with the auditors GAS or when the auditor wants to conduct some testing that may not
be possible with the GAS. It may also be more efficient to prepare custom programs if they will be
used in future audits of the entity or if they may be used on similar engagements. The major
disadvantages of custom software are that (1) it is expensive to develop, (2) it may require a long
development time, and (3) it may require extensive modification if the client changes its
accounting application programs.
14
Test Data. The auditor uses test data for testing the application controls in the
clients computer programs. In using this method, the auditor first creates a set of simulated data
for processing. The data should include both valid and invalid data. After calculating the expected
results of processing the test data, the auditor uses the clients computer and application programs
to process the data. The valid data should be properly processed, while the invalid data should be
identified as errors. The results of this processing are compared to the auditors predetermined
results. This technique can be used to check: (1) data validation controls and error detection
routines, (2) processing logic controls, (3) arithmetic calculations, and (4) the inclusion of
transactions in records, files, and reports. The objective of using the test data method is to ensure
the accuracy of the computer processing of transactions. The main advantage of the test data
method is that it provides direct evidence on the effectiveness of the controls included in the
clients application programs. However, the test data method has a number of potential
disadvantages: (1) it can be very time-consuming to create the test data, (2) the auditor may not be
certain that all relevant conditions or controls are tested (the use of special computer programs
called test data generators may help alleviate these potential disadvantages), (3) the auditor must
be certain that the test data are processed using the clients regular production programs (this
concern can be alleviated if the clients general controls for program changes, access, and library
functions are reliable), and (4) the auditor must be sure to remove the valid test data from the
clients files.
15
Find millions of documents on Course Hero - Study Guides, Lecture Notes, Reference Materials, Practice Exams and more.
Course Hero has millions of course specific materials providing students with the best way to expand
their education.
Below is a small sample set of documents:
Below is a small sample set of documents:
University of Maryland Baltimore - ACTG - 414
ACTG 414 Chapter 6 Lecture Notes (Messier 8e)Question 1: Who is responsible for maintaining the internal control system?Answer 1: Management is responsible to maintain controls which provide reasonable assurancethat adequate controls exists over the en
University of Maryland Baltimore - ACTG - 414
ACTG 414 Chapter 5 Lecture Notes (Messier 8e)Question 1: What is the relationship between audit evidence and the audit report?Answer 1: Financial statements contain managements assertions about financial statementcomponents. The auditor develops audit
University of Maryland Baltimore - ACTG - 414
Chapter 7Auditing Internal ControloverFinancial ReportingMcGrawHill/Irwin2008TheMcGrawHillCompanies,AllRightsReserved7-1Standards Passed By PCAOBLO# 1Auditing Standard No. 1: References in Auditors Reports tothe Standards of the Public Company A
University of Maryland Baltimore - ACTG - 414
Global Business Today 7eby Charles W.L. HillMcGraw-Hill/IrwinCopyright 2011 by The McGraw-Hill Companies, Inc. All rights reserved.Chapter 5InternationalTrade Theory5-2IntroductionInternational trade theoryexplains why it is beneficial for count
University of Maryland Baltimore - ACTG - 414
Global Business Today 7eby Charles W.L. HillMcGraw-Hill/IrwinCopyright 2011 by The McGraw-Hill Companies, Inc. All rights reserved.Chapter 4Ethics inInternationalBusiness4-2Introduction Ethics - accepted principles of right or wrong that govern
University of Maryland Baltimore - ACTG - 414
Global Business Today 7eby Charles W.L. HillMcGraw-Hill/IrwinCopyright 2011 by The McGraw-Hill Companies, Inc. All rights reserved.Chapter 3Differencesin Culture3-2Introduction Cross-cultural literacy - an understanding of how culturaldifference
University of Maryland Baltimore - ACTG - 414
Global Business Today 7eby Charles W.L. HillMcGraw-Hill/IrwinCopyright 2011 by The McGraw-Hill Companies, Inc. All rights reserved.Chapter 2National Differencesin Political Economy2-2IntroductionQuestion: What is the political economy of a countr
University of Maryland Baltimore - ACTG - 414
Global Business Today 7eby Charles W.L. HillMcGraw-Hill/IrwinCopyright 2011 by The McGraw-Hill Companies, Inc. All rights reserved.Chapter 1Globalization1-2IntroductionIn the world economy today, we seefewer self-contained national economies with
University of Maryland Baltimore - ACTG - 414
Dr. Axel GrossmannFINC 439Chapter IVSecond HandoutThe Balance of PaymentsII. The Balance of Payments Interaction with Key Macroeconomic VariablesA nations balance of payments interacts with nearly all of its key macroeconomic variables:Gross domest
University of Maryland Baltimore - ACTG - 414
Dr. Axel GrossmannFINC 439Chapter IVFirst HandoutThe Balance of PaymentsI.Fundamentals of Balance of Payments AccountingBalance of PaymentsThe measurement of all international economic transactions between the residents of acountry and foreign re
University of Maryland Baltimore - ACTG - 414
Dr. Axel GrossmannFINC381International FinanceExam IStudy GuideThe exam will have three partsPart I: Multiple Choice20 to 25 QuestionsGeneral Topics:1. The phase of the globalization process Advantage and disadvantage of each phase2. Definition
University of Maryland Baltimore - ACTG - 414
ACTG 414 Chapter 3 Lecture Notes (Messier 8e)Question 1: What procedures are required for evaluating a prospective client?Answer 1: The first phase of an audit process that relates to audit planning is client acceptance andcontinuance. The extent of ef
University of Maryland Baltimore - ACTG - 414
ACTG 414 Chapter 4 Lecture Notes (Messier 8e)Question 1: What is audit risk and how is audit risk controlled?Answer 1: Audit risk is a fundamental concept that underlies the audit process. Audit riskis the risk that the auditor may unknowingly fail to
University of Maryland Baltimore - ACTG - 414
Chapter IIIThe International MonetarySystem4nd HandoutMonetary Unions and the EuroEconomics to Political Union Stages towards a political union Economic Union Monetary Union Political Union History of the EUhttp:/europa.eu/about-eu/eu-history/i
University of Maryland Baltimore - ACTG - 414
ACTG 414 Chapter 4 Lecture Notes (Messier 8e)Question 1: What is audit risk and how is audit risk controlled?Question 2: What is the audit risk model?Question 3: What is inherent risk and control risk?Question 4: What is detection risk and how can it
University of Maryland Baltimore - ACTG - 414
ACTG 414 Chapter 2 Lecture Notes (Messier 8e)Question 1: What types of auditors provide professional services?Answer 1: Four types of auditors provide professional services. They are:1.2.3.4.External auditors [independent auditors or certified publ
University of Maryland Baltimore - ACTG - 414
ACTG 414 Chapter 1 Lecture Notes (Messier 8e)Question 1: Why are audits conducted?Answer 1: Audits are conducted because different interests exist between an entity and the usersof its financial statements (information asymmetry).Question 2: What is t
University of Maryland Baltimore - FINANCE - 313
Chapter Ten: Derivative Securities MarketsThis is the final chapter that introduces securities markets. Derivatives are contractswhose value is linked to and derived from something else. The something else isusually a security, a portfolio or an index.
University of Maryland Baltimore - FINANCE - 313
Reduced Chapter Nine: Foreign Exchange Markets1. Foreign Exchange Markets and Risk: Chapter OverviewThere are two relevant prices involved in international trade. The first is the price of thegood or service purchased and the second is the price of the
University of Maryland Baltimore - FINANCE - 313
Solved Examples on Chapters 9, 10, and 22Qn.1) John Smith is a resident of Frankfurt, Germany. He realizes that interest rate in the U.S. is5% whereas it is only 3.5% in Germany. He started thinking that he can make more money byinvesting in the U.S. b
University of Maryland Baltimore - FINANCE - 313
Solutions to Selected Chapter 9 Questions2. The exchange rates are reported in two ways: 1) for USD (of USD for FC and in your book itis in US$) that means how many USD per unit of the foreign currency and 2) per USD (of FCfor USD and in your book it i
Keller Graduate School of Management - GM591 - 591
GM 591: Leadership and Organizational BehaviorProject ProposalIntroductionThe organization I will discuss in my final project paper will be on Department of FamilyProtective Services. DFPS is an organization that focuses on reports of abuse and neglec
Waterloo - STAT - 330
Waterloo - STAT - 330
Carnegie Mellon - ARTS MANAG - Arts Manag
Bplans Your business starts here.Log in Sign upHomeSample Plans Sample Business Plans Sample Marketing Plans Business Plan Outline Business Plan TemplateHow-To Articles Writing a Business Plan Starting a Business Financing a Business Business
Carnegie Mellon - ARTS MANAG - Arts Manag
Skip to navigation Skip to main contentTranslateMore Sharing ServicesShare This content requires Javascript in order to view correctly. This contentrequires Javascript in order to view correctly.PrintConnect With UsFacebook Twitter YouTubeSearch th
Carnegie Mellon - ARTS MANAG - Arts Manag
BusinessPlanStartupTemplatesSoftwareSamplesSampleBusinessPlansBusinessPlanSoftwarePowerPointSampHomeAboutUsContactUsPrivacyPolicyCopBusinessPlanningBudgetCalculator_BusinessPlanStartupTimelineObject 2BusinessPlanStartupChecklistBusinessPlanOrganiz
Jacksonville College - ACC - ACC
Emir IbrahimovicACC311Chapter 19 Questions19-1 What is restricted stock? Describe how compensation expense is determined andrecorded for a restricted stock award plan.Restricted stock plans usually are tied to continued employment of the person recei
Jacksonville College - ACC - ACC
Emir IbrahimovicProfessor Dr. Denise de la RosaIntermediate Accounting IIWinter 2012Discrepancies Amongst FASB and IASBs Financial Reporting of Intangible AssetsThe Financial Accounting Standards Board (FASB) still has many discrepancies with theInt
Jacksonville College - ACC - ACC
Emir IbrahimovicProfessor Dr. Denise de la RosaIntermediate Accounting IIWinter 2012Discrepancies amongst FASB and IASBs financial reporting of intangible assetsThe Financial Accounting Standards Board still has many discrepancies with theInternatio
Jacksonville College - ACC - ACC
Emir IbrahimovicProfessor Dr. Denise de la RosaIntermediate Accounting IIWinter 2012Discrepancies Amongst FASB and IASBs in the Mobile Telecommunications IndustryThe Financial Accounting Standards Board (FASB) still has many discrepancies with theIn
Jacksonville College - ACC - ACC
Emir Ibrahimovic3/12/12ACC311Date1/1/20104/1/20107/1/20108/1/201011/1/2010TotalShares3,000,000150,000200,0002 for 1 split300,000-24,000Chapter 19 QuizWeighted3,000,000+150,000+157,500+3,307,500+125,000-4,0006,736,000Outstanding3
Jacksonville College - ACC - ACC
Emir IbrahimovicFIN 3212/28/12Video Analysis HomeworkA lot of people at first do not know how to trade and they lose a lot of money. Had those peopleused a simulator and actually learned how to trade, then maybe they wouldnt have lost all thatmoney.
Jacksonville College - ACC - ACC
What areas did the Student complete correctly?The student identified all of the price factors, the pricing strategy, specificprice, and the price / value relationship. Also great examples were given foreach situation. For example under convenience the
Jacksonville College - ACC - ACC
EmirIbrahimovicMKT35004UnlockingiPhones3222012ASSIGNMENT#5PROMOTIONA.Given the needs and wants of your target market, what target market benefits should be exploited (emphasized) in yourproduct/serviceadvertising?(Onetwobenefits)B.Createandutiliz
Jacksonville College - ACC - ACC
Assignment # 6PriceA. List the factors affecting the price of your product/service.B.Should you utilize a skimming, penetration or moderate pricing strategy?Why?C. Select one of the following options (offer price(s) you will utilize andjustify your
Jacksonville College - ACC - ACC
Assignment # 6PriceA. List the factors affecting the price of your product/service.B.Should you utilize a skimming, penetration or moderate pricing strategy?Why?C. Select one of the following options (offer price(s) you will utilize andjustify your
Jacksonville College - ACC - ACC
MKT350MARKETINGMANAGEMENTSection04MWF(1010:50)Professor:MariaLandonOffice:362CDeVosemailAddress:landonm@gvsu.eduOfficeHours:MW:24pm.Telephone:Office:3317282Home:7424144(until9pm)Textbook:BasicMarketing,E.JeromeMcCarthy&WilliamD.Perreault,Jr.17t
Ashford University - ANT101 - ANT101
The Kinship System and Its ImpactCirre RichardsonANT101 Introduction to Cultural AnthropologyProf. Joseph ScahillApril 7, 2012The Kinship System and Its ImpactThe Iroquois kinship system differentiates between parental siblings of oppositesex as we
DeAnza College - PHYSICS - 2a
Energy and Work - MBLIn this experiment you will use a cart, a track, and an ultrasonic motion sensor to investigatethe friction between the cart and the track. You will do this from an energy perspective.PROCEDUREPart I On the level (the track should
DeAnza College - PHYSICS - 2a
Example Projectile Motion Lab ReportYou may not copy the exact words here in any way on a re-written lab.Determination on the Effect of Angle on the Range of a ProjectileJoselyn J. Todd, other science students, and even other science studentsSept. 12,
TAMU Intl. - ANATOMY - 2402
The Urinary SystemPart AChapter 25: Urinary System251Kidney Functions Filter 200 liters of blood daily, allowing toxins,metabolic wastes, and excess ions to leave the bodyin urine Regulate volume and chemical makeup of the blood Maintain the pro
UCSD - BIEB - 166
closedopen environmentTwin Studiesheritability = proportion of trait can be inheriteddizygotic twin experienced same womb environment,monozygotic- chromosome are arranged in the exact same way(where those genes are located are just as important on t
UCSD - BIEB - 166
long term potentiation (LTP)long term memory formation alpha-camKIIhippocampusMorris Water Task : mouse in milky water where they cant see the platform and there is alandmark relative to the platformescape time faster but the mutant (alpha-caMKII), t
UCSD - BIEB - 166
imprinting = rapid and persistent form of learningcritical period ( timing specific)irreversibleexample of highly limited open programsexual imprintingsensitive periodsupra individualto avoid problem, may use puppetssexually imprinting generally n
UCSD - BIEB - 166
taxis:fungus phototaxis moving towards lightcricket phonotaxis: soundamoeba chemotaxis: odor chemicals release by foodex) snake and slug (tongue)moth malemenotaxis: 90o to windanemotaxis: flying toward windchemotaxisanimals is using multiplemajo
UCSD - BIEB - 166
migrationex) lobsterex) shark - sensitive to electric fieldsmagnetic fieldas long as they can see the sun,magnetic disturb orientation when birds cannot see sun (short vector)but only when they cannot see the sunthey prefer the sun/stars because th
UCSD - BIEB - 166
communication (1)-signal by natural selectionex) cleaner fish, signal = appearanceex) animal has evolved to try and deceive. fly look like beecommunication (2)specially designed signalsadvantages to the signalerex) snapping turtle, communication is
UCSD - BIEB - 166
sound waves are linearly, so they combine and then come out independently, the same.sound amplitude: how loud (strength)changing in loudness, the height changestime domainfrequency domainhigh frequency= shorter wavelengthwavelength, is the distance
UCSD - BIEB - 166
Sound Monopolesex) water stryderAcoustic short circuitingex) cricketto create wavelength that is greater than the cricket length the sound will bend back and be shortcircuited. so like the part of the energy will be used to cycle. The body is seen as
UCSD - BIEB - 166
Global attenuationPattern Lossresonance frequency, vibrate more (ex. glass shattering)resonance frequency is the loudest freq.further away, must decrease in amplitudeR^2 (reflected wave)1-R^2 (refracted wave. go through)something approximately 180
UCSD - BIEB - 166
long time relationship with familyresident- long term: eating salmontransient short term: eating marine mammals (ie. seals): therefore do not echolocateB1 and I2 share about 74% common
UCSD - BIEB - 166
Annu. Rev. Psychol. 1999. 50:65182Copyright 1999 by Annual Reviews. All rights reservedAnnu. Rev. Psychol. 1999.50:651-682. Downloaded from www.annualreviews.orgby University of California - San Diego on 12/02/11. For personal use only.NEUROETHOLOGY O
UCSD - BIEB - 166
Vervet Monkey Alarm Calls: Manipulation through Shared Information?Author(s): Dorothy L. Cheney and Robert M. SeyfarthReviewed work(s):Source: Behaviour, Vol. 94, No. 1/2 (Jul., 1985), pp. 150-166Published by: BRILLStable URL: http:/www.jstor.org/sta
UCSD - BIEB - 166
How to read papersOne of the first questions that is generally asked is how much detail do I need to know?The answer is that students should understand the main points of the paper. In otherwords, after reading each section, come up with the main conce
UCSD - BIEB - 166
UCSD - BIEB - 166
BIEB 166: Lecture 1 readingBIEB 166: Animal Behavior and CommunicationLECTURE 1 READING: Course Overview & History of EthologyI.Course overviewPart I:Ethology and mechanisms of behaviorIntroduction to EthologyMolecules to behaviorLearningPart II
UCSD - BIEB - 166
BIEB 166 Lecture 2 readingBIEB 166: ANIMAL BEHAVIOR & COMMUNICATIONLECTURE 2 READING: Tinbergens 4 Questions:Classical Ethology Part II.Tinbergen's 4 questionsa.Proximate:1. Causation2. Developmentb.Ultimate:3. Function4. Evolutionary History
UCSD - BIEB - 166
BIEB 166 Lecture 3Latest revision: 1/16/07, 3:54 PMBIEB 166: ANIMAL BEHAVIOR & COMMUNICATIONLECTURE 3 READING: Classical Ethology Part III.UmweltWhat would it like to hear with ears of a bat, sense electric currents like an electric eel, orsmell th
UCSD - BIEB - 166
BIEB 166 Lecture 4BIEB 166: ANIMAL BEHAVIOR & COMMUNICATIONLECTURE 4 READING: Behavioral NeurobiologyI.NeuroethologyNeuroethology is the study of the neural basis of behavior. The techniques ofmodern neuroanatomy and neurophysiology have, in some ca