Rigos CPA Review Course - Auditing & Attestation Sample Chapter

1. Exam Coverage: Welcome to the Auditing and Attestation section of Rigos CPA Review. This section of the exam tests the candidate’s knowledge of auditing procedures, auditing standards generally accepted in the United States of America (GAAS) and other standards related to attest engagements. This section also tests skills needed to conduct auditing and other attestation engagements. Knowledge and skills are tested in the following five broad areas:

2. Attestation: An attestation is a systematic process in which an attester ("auditor" - "practitioner" - “accountant”) provides independent assurance as to whether an assertion (made by an asserter - "management") has been prepared in conformity with the appropriate criteria. The purpose is to ascertain the degree of correspondence between those assertions and established criteria and to communicate the results to interested users. Attestations include financial statement audits, reporting on forecasts, projections, pro-forma information, effectiveness of internal control, or the client's compliance with specified laws and regulations, or contracts, or grants.

3. Auditing: Auditing is a type of attest function in which an auditor provides an independent opinion (assurance) about whether management (asserter) has prepared financial statements in conformity with generally accepted accounting principles (criteria). An independent auditor plans, conducts, and reports the results of an audit in accordance with generally accepted auditing standards (GAAS). Auditing standards provide a measure of audit quality and the objectives to be achieved in an audit. Auditing procedures differ from auditing standards. Auditing procedures are acts that the auditor performs during the course of an audit to comply with auditing standards.

Generally accepted auditing standards (GAAS) should be regarded as the minimum standards required of an auditor in the execution of an audit engagement. GAAS provide a measure of audit quality and the objectives to be achieved in an audit. Expressed in a more operational sense, these ten generally accepted auditing standards are general guidelines used by the profession and the auditor when exercising professional judgment in the conduct of an audit. The standards are intended to provide guidance to the process of auditing. The ultimate legal question is whether the auditor adhered to reasonable standards under the circumstances.

Attestation standards are similar to GAAS, but they establish a broad framework for and set reasonable boundaries around a variety of attest services increasingly demanded of the accounting profession. Attestation standards provide guidance to improve the consistency and quality of attest engagements.

Generally Accepted Auditing Standards	Attestation Standards
General Standards
1. The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor.	1. The engagement shall be performed by a practitioner having adequate technical training and proficiency in the attest function.
2. In all matters relating to the assignment, an independence in mental attitude is to be maintained by the auditor or auditors.	2. The engagement shall be performed by a practitioner having adequate knowledge of the subject matter.
3. Due professional care is to be exercised in the performance of the audit and the preparation of the report.	3. The practitioner shall perform the engagement only if he or she has reason to believe that the subject matter is capable of evaluation against criteria that are suitable and available to users.
	4. In all matters relating to the engagement, an independence in mental attitude shall be maintained by the practitioner.
	5. Due professional care shall be exercised in the planning and performance of the engagement.
Field Work Standards
1. The work is to be adequately planned and assistants, if any, are to be properly supervised.	1. The work shall be adequately planned and assistants, if any, shall be properly supervised.
2. A sufficient understanding of internal control is to be obtained to plan the audit and to determine the nature, timing, and extent of tests to be performed.	2. Sufficient evidence shall be obtained to provide a reasonable basis for the conclusion that is expressed in the report.
3. Sufficient competent evidential matter is to be obtained through inspection, observation, inquiries, and confirmations to afford a reasonable basis for an opinion regarding the financial statements under audit.
Reporting Standards
1. The report shall state whether the financial statements are presented in accordance with generally accepted accounting principles (GAAP).	1. The report shall identify the subject matter or the assertion being reported on and state the character of the engagement.
2. The report shall identify those circumstances in which such principles have not been consistently observed in the current period in relation to the preceding period.	2. The report shall state the practitioner's conclusion about the subject matter or the assertion in relation to the criteria against which the subject matter was evaluated.
3. Informative disclosures in the financial statements are to be regarded as reasonably adequate unless otherwise stated in the report.	3. The report shall state all of the practitioner's significant reservations about the engagement, the subject matter, and, if applicable, the assertion related thereto.
4. The report shall contain either an expression of opinion regarding the financial statements, taken as a whole, or an assertion to the effect that an opinion cannot be expressed. When an overall opinion cannot be expressed, the reasons therefor should be stated. In all cases where an auditor's name is associated with financial statements, the report should contain a clear-cut indication of the character of the auditor's work, if any, and the degree of responsibility the auditor is taking.	4. The report shall state that the use of the report is restricted to specified parties under the following circumstances: When the criteria used to evaluate the subject matter are determined by the practitioner to be appropriate only for a limited number of parties who either participated in their establishment or can be presumed to have an adequate understanding of the criteria. When the criteria used to evaluate the subject matter are available only to specified parties When reporting on subject matter and a written assertion has not been provided by the responsible party. When the report is on an attest engagement to apply agreed-upon procedures to the subject matter.

An acronym to help you memorize the ten elements of generally accepted auditing standards is:

    T -- Technical training and proficiency of auditor
    I -- Independence in fact and in appearance
    P -- Professional Care in performing the audit

    S -- Supervision of audit personnel and planning of the engagement
    I -- Internal control evaluation
    E -- Evidence sufficient to base an opinion

    A -- According to GAAP
    C -- Consistency
    D -- Disclosures adequate
    O -- Opinion expressed

1. General Standards - TIP: The general standards address the emotional, ethical and personal characteristics that all auditors should possess in order to properly discharge their professional responsibilities.

2. Standards of Fieldwork - SIE: The second group of standards is concerned with the execution of audit procedures and the collection of audit evidence during the course of the engagement. The fieldwork standards apply to subjects such as the supervision of personnel and the need to evaluate internal control and collect sufficient evidence.

3. Reporting Standards - ACDO: The final group of standards concerns the nature and required content of the auditor's report.

In addition to the AICPA's ten generally accepted auditing standards and the attestation standards, there are several other professional pronouncements that provide guidelines for auditing and attestation engagements.

1. Statements on Auditing Standards (SAS): These pronouncements are issued by the Auditing Standards Board (ASB) of the AICPA. SASs usually provide detailed implementations of the general concepts reflected in GAAS. These statements relate to specific topics and audit procedures. SASs are considered interpretations of the ten GAAS which are intended to clarify the meaning of GAAS. The AICPA issues a Codification of SASs by topic rather than by sequence of adoption. These topics are referenced by numbers preceded by "AU," such as "AU 311.05." The Codification is part of the AICPA Professional Standards. Auditors should be prepared to justify any departures from the SASs.

2. Interpretive Publications: Interpretative publications are not auditing standards, but are issued under the authority of the ASB. They are recommendations on the application of the SASs in specific circumstances, including engagements for entities in specialized industries. The auditor should be aware of and consider interpretive publications applicable to his or her audit. If the auditor does not apply the auditing guidance included in an applicable interpretive publication, the auditor should be prepared to explain how he or she complied with the SAS provisions addressed by such auditing guidance. Interpretative publications include:

a. Auditing Interpretations of the SASs: Interpretations are issued by the Audit Issues Task Force of the Auditing Standards Board to provide timely guidance on the application of pronouncements of that Board. Interpretations are reviewed by the Auditing Standards Board.

3. Other Auditing Publications: Other auditing publications have no authoritative status; however, they may help the auditor understand and apply the SASs. If an auditor applies the auditing guidance included in another auditing publication, he or she should be satisfied that, in his or her judgment, it is both relevant to the circumstances of the audit, and appropriate. In determining whether another auditing publication is appropriate, the auditor may wish to consider the degree to which the publication is recognized as being helpful in understanding and applying the SASs and the degree to which the issuer or author is recognized as an authority in auditing matters. Other auditing publications published by the AICPA that have been reviewed by the AICPA Audit and Attest Standards staff are presumed to be appropriate.

Other auditing publications include AICPA auditing publications not referred to above; auditing articles in the Journal of Accountancy and other professional journals; auditing articles in the AICPA CPA Letter; continuing professional education programs and other instruction materials, textbooks, guide books, audit programs, and checklists; and other auditing publications from state CPA societies, other organizations, and individuals.

4. SEC Regulations: Audits of publicly held companies are subject to additional SEC requirements. These are addressed in Chapter 7.

5. Government Auditing Standards (the Yellow Book): These standards are issued by the U.S. General Accounting Office (GAO) and must be followed for audits of both governmental and non-governmental entities receiving federal government financial assistance. More information is provided in Chapter 7.

1. Statements on Standards for Attestation Engagements (SSAE): These statements direct the conduct of attest services applied to other than traditional financial statements. They do not supersede any standards for other types of services (e.g., SASs, SSARs). These statements apply only to attest services rendered by a CPA in the practice of public accounting. Their numbers in the Codification begin with "AT".

2. Attestation Interpretations: These are also issued by the AICPA and provide recommendations on the application of SSAEs in specific circumstances, including engagements for entities in specialized industries.

3. Statements on Standards for Accounting and Review Services (SSARS): These pronouncements are issued by the Accounting and Review Services Committee of the AICPA. They provide standards for review and compilation (unaudited) services provided to non-public entities. Their numbers in the Codification begin with "AR".

4. Standards for Consulting Services: These standards are issued by the AICPA Management Consulting Services Executive Committee. They provide guidance for consulting services provided by CPAs. Their numbers in the Codification begin with "CS".

Statements on Quality Control Standards are issued by the Auditing Standards Board. Firms that are enrolled in an Institute-approved practice-monitoring program must adhere to the quality control standards. Their numbers in the Codification begin with “QC”.

Quality standards relate to the conduct of a firm's audit and/or attest practice as a whole, while generally accepted auditing standards and attestation standards relate to the conduct of individual audit and attestation engagements. Thus, generally accepted auditing standards and attestation standards are both related to quality control standards.

Deficiencies in or instances of noncompliance with a firm's quality control policies and procedures do not, in and of themselves, indicate that a particular audit or attest engagement was not performed in accordance with standards.

A CPA firm is required to have a system of quality control for its accounting and auditing practice to ensure that services are competently delivered and adequately supervised. A system of quality control should be designed to provide the firm with reasonable assurance that its personnel comply with applicable professional standards and the firm's standards of quality. The nature, extent, and formality of a firm's quality control policies and procedures should be appropriately comprehensive and suitably designed in relation to the firm's size, the knowledge and experience of its personnel, the nature and complexity of the firm's practice, and appropriate cost-benefit considerations.

According to the Statements on Quality Control Standards, the quality control policies and procedures applicable to a firm's accounting and auditing practice include the following elements:

a. Independence: Independence encompasses an impartiality that recognizes an obligation of fairness not only to management and owners of a business but also to those who may otherwise use the firm's report. The firm and its personnel must be free from any obligation to or interest in the client, its management, or its owners.

b. Integrity: Integrity requires personnel to be honest and candid within the constraints of client confidentiality. Service and the public trust should not be subordinated to personal gain and advantage.

c. Objectivity: Objectivity is a state of mind and a quality that lend value to a firm's services. The principle of objectivity imposes the obligation to be impartial, intellectually honest, and free of conflicts of interest.

2. Personnel Management: A firm's quality control system depends heavily on the proficiency of its personnel. The quality of a firm's work ultimately depends on the integrity, objectivity, intelligence, competence, experience, and motivation of personal who perform, supervise, and review the work. Accordingly, policies and procedures should be established to provide the firm with reasonable assurance in the following areas:

a. Hiring: Personnel are hired who possess the appropriate characteristics to enable them to perform competently.

b. Assignments: Work must be assigned to personnel having the degree of technical training and proficiency required in the circumstances.

c. CPE: Personnel participate in general and industry-specific continuing professional education and other professional development activities that enable them to fulfil their assigned responsibilities.

d. Advancement: Personnel selected for advancement have the qualifications necessary to fulfil the responsibilities they will be called on to assume.

3. Acceptance and Continuance of Clients and Engagements: Policies and procedures should be established for deciding whether to accept or continue a client relationship and whether to perform a specific engagement for that client. Prudence suggests that a firm be selective in determining its client relationships and the professional services it will provide. These policies and procedures should provide reasonable assurance that the firm undertakes only those engagements that the firm can reasonably expect to complete with professional competence.

4. Engagement Performance: Policies and procedures should be established to provide reasonable assurance that the work performed by engagement personnel meets applicable professional standards, regulatory requirements, and the firm's standards of quality.

5. Monitoring: Monitoring provides the firm with reasonable assurance that the policies and procedures established by the firm for each of the other elements of quality control are well designed and are being effectively applied. Monitoring involves the on-going consideration and evaluation of (1) relevance and adequacy of the firm's policies and procedures, (2) appropriateness of the firm's guidance materials and any practice aids, and (3) compliance with the firm's policies.

Members of the AICPA who are engaged in the practice of public accounting in the United States or its territories are required to be practicing in a firm that is enrolled in an approved practice-monitoring program or, if practicing in a firm not eligible to enroll, are themselves enrolled in such a program. Enrollment is required if the firm or individual performs engagements covered by Statements on Auditing Standards (SASs); Statements on Standards for Accounting and Review Services (SSARS); Statements on Standards for Attestation Engagements (SSAEs); and the Government Auditing Standards (the Yellow Book), issued by the U.S. General Accounting Office (GAO).

A firm (or individual) enrolled in the AICPA peer review program or a member firm of the SEC Practice Section (SECPS) is deemed to be enrolled in an approved practice-monitoring program.

1. AICPA Peer Review Program: Firms (and individuals) in the AICPA peer review program need to:

a. System Reviews: Firms that perform engagements under the SASs, Government Auditing Standards or examinations of prospective financial statements under the SSAEs have peer reviews called system reviews.

b. Engagement Reviews: Firms that only perform services under SSARS and/or services under the SSAEs not included in system reviews have peer reviews called engagement reviews.

c. Report Reviews: Firms that only perform compilation engagements under SSARS where the firm has compiled financial statements that omit substantially all disclosures have peer reviews called report reviews.

3. Review Team: A review team may be formed by a firm engaged by the firm under review (a firm-on-firm review), a state CPA society participating in the program (a committee-appointed review team, also known as a CART review), or an association of CPA firms authorized by the AICPA Peer Review Board to assist its members by forming review teams to carry out peer reviews (an association review).

All review team members must be members of the AICPA and have at least five years' recent experience in auditing. The team captain must meet additional requirements.

4. Standards for Performing and Reporting on Peer Reviews: These standards describe how peer reviews should be conducted and peer review reports should be prepared under the AICPA Peer Review Program. Their numbers in the Codification begin with “PR”.

[State CPA society letterhead for a “ CART Review ” ; firm letterhead for a “ Firm-on-Firm Review ” ; association letterhead for an “ Association Review ” ]

August 31, 20XX
To the Partners [or other appropriate terminology] Able, Baker & Co.

or To John B. Able, CPA

    We have reviewed the system of quality control for the accounting and auditing practice of [Name of firm] (the firm) in effect for the year ended June 30, 20XX. A system of quality control encompasses the firm's organizational structure and the policies adopted and procedures established to provide it with reasonable assurance of conforming with professional standards. The elements of quality control are described in the Statements on Quality Control Standards issued by the American Institute of Certified Public Accountants (AICPA). The design of the system and compliance with it are the responsibility of the firm. Our responsibility is to express an opinion on the design of the system, and the firm's compliance with the system based on our review.

    Our review was conducted in accordance with standards established by the Peer Review Board of the AICPA. In performing our review, we obtained an understanding of the system of quality control for the firm's accounting and auditing practice. In addition, we tested compliance with the firm's quality control policies and procedures to the extent we considered appropriate. These tests covered the application of the firm's policies and procedures on selected engagements. Because our review was based on selective tests, it would not necessarily disclose all weaknesses in the system of quality control or all instances of lack of compliance with it.

    Because there are inherent limitations in the effectiveness of any system of quality control, departures from the system may occur and not be detected. Also, projection of any evaluation of a system of quality control to future periods is subject to the risk that the system of quality control may become inadequate because of changes in conditions, or because the degree of compliance with the policies or procedures may deteriorate.

    In our opinion, the system of quality control for the accounting and auditing practice of [Name of firm] in effect for the year ended June 30, 20XX, has been designed to meet the requirements of the quality control standards for an accounting and auditing practice established by the AICPA and was complied with during the year then ended to provide the firm with reasonable assurance of conforming with professional standards.

John Brown, Team Captain

[or Name of reviewing firm]

The overall audit process is illustrated below. Each of these audit steps is discussed in detail in this and/or in subsequent chapters of this book.

The auditor must decide whether to accept a new client or to continue to audit an existing client. CPA firms are required by Statement of Quality Control Standards 1 to have procedures in place to determine acceptability of clients.

In determining whether to accept a new audit client, a CPA typically investigates the firm's financial stability, reputation in the business community, and relationship with its previous auditors. Previous conflicts regarding audit procedures or fees are factors to consider in deciding whether to continue with an existing client. Clearly the presence of adequate accounting records is a major factor in determining whether an audit can be performed.

The auditability of a client must be evaluated. Auditability may be adversely impacted by problems such as:

These audit-related factors could be combined with four key environmental factors which influence the auditability of a client. These include:

SAS 84 Requirements: A successor auditor must communicate with the predecessor auditor before accepting an audit engagement. To perform the communication, the successor first must obtain permission from the client; otherwise, the processor cannot disclose confidential information. If the client refuses, the successor auditor should inquire about the reasons and consider the implications for whether to accept the engagement. The successor auditor should ask the predecessor about the following four FIRD concerns:

1. Fraud: Communications to audit committees or another with equivalent authority and responsibility regarding fraud, illegal acts by clients, and internal-control-related matters.

3. Reason for Change: The predecessor auditor's understanding about the reasons for the change of auditors.

4. Disagreement: Disagreements with management as to accounting principles, auditing procedures, or other significant matters.

The successor auditor should also consider inquiring about other areas of audit significance, such as the following. These communications may take place after the engagement has been accepted.

The predecessor auditor is required to respond promptly and fully to the successor's inquiries unless he indicates that the response is limited. The successor accountant may use his or her judgment to decide which workpapers, if any, to make available to the successor.

The predecessor auditor may indicate various problems experienced with the client, such as disputes concerning audit procedures or fees or application of accounting principles. If there is an ongoing dispute or legal problem with the client, the predecessor auditor may state that no information will be provided. In such situations, the successor auditor will want to make further investigation if any of these problem situations are present before deciding to accept the client.

1. Client Knowledge: After the decision has been made to proceed with the audit, a number of important steps must be taken. The first is the development of various key items of information about the client. This necessary step is specified by the requirements of Ethics Rule 201, which suggests that a firm accept only those clients it can reasonably expect to serve in a competent manner. Also, SAS 22, which discusses in detail the need for planning and supervision of audit engagements, strongly implies that an appropriate level of knowledge of the client's business and industry must be obtained prior to commencing the audit. Information about the client and the applicable accounting principles and practices can be gathered from:

2. Evaluation of Audit Risk and Materiality: Knowledge of the client is necessary for the auditor to do a preliminary evaluation of audit risk - the risk that the financial statements will be materially misstated after the audit has been completed and the auditor fails to appropriately modify his or her opinion. Important factors influencing the level of audit risk that the auditor considers acceptable include the extent of reliance on the client's financial statements by external users and the susceptibility of the client to experience financial problems after the audit. The various components of audit risk and the concept of materiality are covered in detail in Chapter 2.

3. Analytical Procedures: SAS 56 requires that analytical procedures be applied during the planning and overall review stages of all audits. There are no specific requirements or procedures which must be performed. It is up to the auditor's professional judgment to determine which analytical procedures are appropriate in each audit situation. Analytical procedures may include comparing current year balances and ratios to prior years. The purpose of this requirement is to assist in planning the necessary nature, timing and extent of substantive tests. Analytical procedures should also build the auditor's understanding of the client's business and of relevant transactions and events of audit significance. The procedures should help to identify areas of audit or control risk by highlighting unusual transactions or balances. The auditor must clearly document the procedures performed and the conclusions reached from the analytic procedures. See Chapter 2 for more details.

SAS 83 requires the auditor to reach an understanding with the client regarding the services to be performed for each engagement. Such an understanding reduces the risk that either the auditor or the client may misinterpret the needs or expectations of the other party. The auditor should document the understanding in the workpapers, preferably through a written communication (such as an engagement letter). If an understanding is not reached, the auditor should decline to accept or perform the engagement.

a. Objectives of the Engagement: To detail for the client that the purpose is to express an opinion on the financial statements in conformity with GAAP. This is especially critical for a new audit client or for an initial audit of a continuing client.

b. Management’s Responsibilities: To clearly communicate to the client that management is responsible for the financial statements, the system of internal controls, compliance with laws and regulations, providing the auditor with access to accounting records and other information, adjusting the financial statements to correct material misstatements, providing the auditor with a representation letter (see Chapter 5), and so on.

c. Auditor’s Responsibilities: To clarify that the auditor is responsible for conducting the auditing in accordance with GAAS and for expressing an opinion on the financial statements or explaining why an opinion cannot be expressed. The auditor is also responsible for communicating to the audit committee or its equivalent any reportable conditions that come to his or her attention.

d. Limitations of the Engagement: To disclose to the client that an audit provides reasonable rather than absolute assurance that the financial statements are free of material misstatement, whether caused by error or fraud; that an audit is not designed to detect error or fraud that is immaterial; and that an audit is not designed to provide assurance on internal control or to identify reportable conditions.

2. Components of an Engagement Letter: If a written engagement letter is prepared, it typically includes the following components:

Conceptually, the next step in the audit process is the study and evaluation of the client's internal control structure. The auditor is interested in how the client assures accuracy in financial information reporting and protects the assets of the business. Good internal control may reduce the testing that the auditor finds necessary to substantiate the reported opinion covering the financial statements. On the other hand, the auditor may decide an audit is impossible because the client's internal controls are very poor. SAS 55 requires the auditor to affirmatively assess the control risk. Control risk is the risk that a material misstatement could occur in an assertion and not be prevented or detected on a timely basis by the entity's control structure, policies or procedures. This part of the audit is addressed in Chapter 3.

The next audit step is the process of gathering evidence to substantiate the account balances reported in the financial statements. The evidence gathering process is the most time-consuming part of the audit. In accordance with the third standard of fieldwork, the auditor must gather sufficient evidence to support the assertions reported on the financial statements. All significant transactions must have been recorded, classified and summarized properly. The auditor must also gather enough information to assure that financial statement disclosures are accurate and complete. This part of the audit is addressed primarily in Chapter 4.

As detailed in Chapter 5, completing the audit includes a review of subsequent events and contingent liabilities. Analytical procedures are again used to evaluate the overall financial statements and to identify any areas where unusual fluctuations of balances may require disclosure or further audit work. Misstatements are evaluated individually and in the aggregate for materiality, and conclusions are drawn from the audit findings. The auditor also makes required communications with the client's audit committee and/or senior management.

The final step, based on the all the information available, is the formation of an opinion covering the financial statements. This includes publicizing the audit report to the client, the stockholders and the public.

In most instances, the audit opinion that is rendered is the standard, unqualified. The following language is for a single year, assuming that the audit is conducted according with U.S. GAAS and U.S. GAAP.

Independent Auditor's Report

To the Stockholders (or Board of Directors)
Great Expectations, Inc.
New York, NY

        We have audited the balance sheet of Great Expectations, Inc., as of December 31, 20x0 and the related statements of income, retained earnings, and cash flows for the year then ended. These financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on these financial statements based on our audit.

        We conducted our audit in accordance with U.S. generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audit provides reasonable basis for our opinion.

        In our opinion, the financial statements referred to above present fairly in all material respects, the financial position of Great Expectations, Inc., at December 31, 20x0, and the results of its operations and its cash flows for the year then ended, in conformity with U.S. generally accepted accounting principles.

            Debit, Credit & Co., CPAs
            March 27, 20x1

There are several key components to the standard unqualified opinion. Each component has specific requirements and a well-understood professional meaning. The various opinions are covered in detail in Chapter 6. The candidate should memorize the specific wording of the above standard report because the wording and content of individual paragraphs are often tested in multiple choice questions.

Departures from the Standard Report occur when circumstances require modification to the standard unqualified report; also, when a qualified or adverse opinion or a disclaimer of opinion must be issued. These topics are covered in detail in Chapter 6.