AUD CPA Exam Review

Definition of Internal Auditing

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations.

Single flat file structure

All attributes and field lengths in a record are identical to those in the other records. The structure is typically a table or spreadsheet with records for rows and attributes for columns.

Pro forma financial statements

Statements that show the effects of proposed transactions and events as if they had occurred.

Bar Code Scanning

Is a form of optical character recognition. Bar codes are a series of bars of different widths that represent critical information about the item. They can be read and the information can be instantly recorded using a scanner.

Object-Oriented Approach

Is intended to produce reusable code. Because code segments can be reused in other programs, the time and cost of writing software should be reduced.


Is the term for determining how groups of data items in a relational structure are arranged in records in a database.

Parallel Simulation

A computer-assisted auditing technique that processes client input data on a controlled program under the auditor's control to test controls in the computer system. The client's input data is processed through both the auditor's version of the client's pr

Control Risk

the likelihood that the client's internal control policies and procedures fail to prevent or detect a material misstatement

Responsibilities of a Certified Information Systems Auditor (CISA)

Evaluation of the IS strategy and the processes for its development. Evaluation of the IS policies, standards, and procedures. Evaluation of management practices.

Conflict-of-interest statements obtained by the entity from its management

Are reviewed to identify material transactions with known related parties or indicate the existence of previously unknown related parties.

When the auditor becomes aware of information concerning possible noncompliance with laws or regulations

The auditor should obtain (1) an understanding of the nature of the act and the circumstances in which it occurred and (2) further information to evaluate the effect on the financial statements.

Component auditor responsibilities

Whether or not the group auditor refers in the report to the audit of the component auditor, the component auditor remains responsible for his or her overall findings, conclusions, or opinions.

The CFO is the custodian of

funds and is responsible for deposit of daily receipts.

In an attest engagement

a practitioner is engaged to issue or does issue an examination, a review, or an agreed-upon procedures report on subject matter, or an assertion about the subject matter, that is the responsibility of another party.

If comparative statements have been reviewed, a continuing accountant should

Update his or her report on the financial statements of a prior period.

Security software packages typically

provide audit trails of access attempts, the capability of assigning degrees of protection to data elements, and monitoring of systems accesses. File backup is typically not a function of security software.

The procedures in a review of IFI include

(1) analytical procedures; (2) reading the minutes of meetings; (3) reading the IFI to consider whether it is in accordance with the applicable reporting framework; (4) obtaining reports of other auditors who have reviewed interim information of component

The risk assessment process

Is a component of I/C and is the entity's identification, analysis, and management of risks relevant to preparation of financial statements.

When would using the blank form of confirmation of accounts receivable most likely be preferable to other types of positive confirmations?

Recipients are likely to sign other types of positive confirmations without careful investigation.

risk assessment procedures:

(1) inquiries of management and others within the entity, (2) analytical procedures, and (3) observation and inspection.

The phrase "with the foregoing explanation

is unacceptable

Using a generalized audit software (GAS) package.

Can preserve independence from an external source rather than relying on auditee-developed audit software. Also, efficiency is enhanced to the extent GAS can be used (as compared to manual auditing or writing special audit programs).

accounts receivable turnover ratio

net credit sales/average net accounts receivable

According to professional standards, analytical procedures are least likely to be applied to:

Compile F/S. AR-C 80, Compilation of Financial Statements states that no audit procedures need be applied in a compilation of financial statements. The accountant is required only to read the financial statements to identify obvious material misstatements

An auditor is required to include significant deficiencies and material weaknesses in internal control over financial reporting in a report prepared under

Government Auditing Standards. The report is required to be distributed to those charged with governance, to the appropriate officials of the audited entity, and to the appropriate oversight bodies or organizations requiring or arranging for the audits.

Solicitation may not be false, misleading, or deceptive.

Thus, a CPA may not claim to be endorsed by the Institute. The AICPA does not make endorsements. A member may, however, state that (s)he is a member.

When the audit indicates the presence of error or fraud that requires a modification of the opinion, and the client refuses to accept the auditor's report as modified

the auditor should withdraw and communicate the reasons for withdrawal to the audit committee of the board.

A protocol

is a set of formal rules or conventions governing communication between a sending and a receiving device. It prescribes the manner by which data are transmitted between these communications devices.

sample size formula for an attribute sampling application

n = ((C^2)pq)/P^2

An auditor concluded that no excessive costs for an idle plant were charged to inventory. This conclusion most likely related to the auditor's objective to obtain evidence about the relevant assertions regarding inventory, including presentation and discl

Valuation and allocation.

Mean-per-unit (MPU)

estimates the average value of population items. It averages the audit values of the sample items and multiplies the result by the number of items in the population.

Statistical sampling

helps the auditor to design an efficient sample, to measure the sufficiency of the evidence obtained, and to evaluate the sample results.

The auditor should ensure that those charged with governance are communicated to about

About the process used by management in formulating particularly sensitive accounting estimates and about the basis for the auditor's conclusions regarding the reasonableness of the estimates.
Material, corrected misstatements brought to management's atte

Independent auditors may not share any responsibility involving

judgments, including the assessment of inherent and control risk. This is true because the internal auditor, even if assessed to be both competent and objective, is not independent.

Who should receive monthly bank statements from bank and review them?

The internal auditor, they are generally independent of other functions relating to cash.

Accounting estimates may:

1. Measure the effects of past transactions that cannot be determined in a timely cost-effective manner.
2. Measure the effects of the present status of an asset or liability.
3. Be used to approximate an account pending the outcome of a future event (e.g

What opinion should be issued when a material weakness exists when reporting on ICFR for nonissuer?

the auditor should issue an adverse opinion.

A report on I/C on compliance will

disclaim an opinion on the effectiveness of internal control over compliance

Section 404 of the Sarbanes-Oxley Act of 2002 requires the company's external auditors

requires management to assess the effectiveness of internal control over financial reporting and requires the auditor to express an opinion on management's assessment.

The standard compilation report includes a disclaimer, indicating that the accountant does not express an opinion, a conclusion, nor provide any assurance with respect to financial statement presentation. When substantially all disclosures are omitted, th


Government Audit Standards define three types of engagements:

financial audits, attest engagements, and performance audits.

Audit documentation should show

that the accounting records agree or reconcile with the financial statements.

If the auditor lacks independence with respect to an audit client

the auditor must disclaim an opinion on the financial statements. A qualified opinion is not an option.

A scope limitation may result in

a qualified opinion or a disclaimer of opinion.

An adverse opinion

is rendered when there is a departure from GAAP

Must" or "is required

indicates an unconditional requirement, which must be followed in all cases in which the requirement is relevant.


indicates a presumptively mandatory requirement, which must be followed in all cases in which the requirement is relevant, except for rare circumstances when departure from the requirement is permitted.

May," "might," and "could

indicate explanatory material that does
not impose a professional requirement for performance.

A person identified as an audit committee financial expert

must acquire experience through involvement as a principal financial officer, principal accounting officer, controller, public accountant, auditor, or one who actively supervises or assess the performance of one of these financial jobs.
Note: serving on a

Test Data

is data that the auditor develops to test programmed controls. It involves running test transactions through the client's system and evaluating results against expectations; it does not involve using a program under the auditor's control.

A disclaimer of opinion is issued

when there is a significant scope limitation, when the auditor is not independent, or when the financial statements are not audited

What type of fraud should be reported to those charged with governance?

Only fraud that causes a material misstatement of the financial statements or fraud involving senior management.

A "disclaimer of opinion" must be issued when a CPA is "associated" with FS of a publicly held entity

but has not audited or (interim) reviewed such FS.

Internal control over safeguarding of assets may relate to

both financial reporting and operations objectives.

What type of opinion would be issued if one or more of the significant assumptions do not provide a reasonable basis for the financial statements forecast

an adverse opinion

Objectivity relating to internal auditor

is reflected by the organizational level they report to

During an economic downturn, it is more likely that customers will default on payments owed. The auditor should therefore focus increased attention on

the allowance for doubtful accounts, to ensure that it has been adjusted to appropriately reflect this increased risk.

Any report issued on significant deficiencies noted during an audit should

(1) indicate that the purpose of the audit was to report on the financial statements and not to provide assurance on internal control, (2) include the definition of significant deficiencies, and (3) include a restriction on the use of the report.

Which method of sampling requires special design considerations for inclusion of zero and negative balances?

Probability-Proportional to Size (PPS) Sampling

When management does not provide reasonable justification that a change in accounting principle is preferable and it presents comparative FS, the auditor should express a qualified opinion

each year that the FS initially reflecting the change are presented.

Government Auditing Standards require a description of the scope of

the auditor's testing of compliance and of internal control. This is not required under generally accepted auditing standards.

Period-end financial reporting controls

are specifically identified within the professional standards as items of importance that should be evaluated.

The auditor's preliminary judgment about materiality is generally based on

either annualized interim financial statements or annual financial statements from a prior period.

In order to validate the legitimacy of a faxed confirmation, the auditor is likely to

call the senders to verify the sources and contents.

When will the auditor gather audit evidence?

After the sample size is selected, the auditor will gather audit evidence by performing substantive procedures, test of controls, and other audit procedures.

Projected misstatement

is an auditor's best estimate of misstatements in a population extrapolated from misstatements identified in an audit sample.

Three examples associated with fraud risk in the revenue cycle include:

1. Holding the books open after the accounting period ends
2. Materially understating the allowance for receivable uncollectible accounts
3. Failing to record customer product returns on a timely basis

A written client representation letter should include representations regarding matters that may affect

recognition, measurement, and disclosure.


is withholding and not recording the current receipt of cash or checks, which is covered by using a subsequent receipt for the previous unrecorded amount.

Effective means to detect kiting

Preparing a bank transfer schedule

What departement should approve/authorize the write-off of uncollectable accounts?


An accountant engaged to review management's discussion and analysis should comply with

Statements on Standards for Attestation Engagements.

What type of report when going concern doubt?

If adequetly disclosed usually a unmodified with an emphasis of matter or a disclaimer. It not disclosed it is a GAAP departure that requires the auditor to issue either a qualified or adverse opinion.

What should be the date of the management representation letter?

typically be the same as the audit report.

What type of report should be issued in an examination of prospective financial statements, if the assumptions do not provide a reasonable basis for the prospective financial statements?

an adverse opinion.

The tolerable rate (TR)

is the maximum deviation rate an auditor is willing to accept before concluding the control is ineffective.

Condensed financial statements

Do not conform to GAAP and are not prepared in accordance with an OCBOA. They are a supplementary filing and would not be compared to themselves for determining if they are fairly stated. They are derived from the audited financial statements, the auditor


are used by the auditor in obtaining an understanding of internal control. They may involve inquiry, observation, document inspection, recalculation, and reperformance and are used to identify deficiencies in design and in operation.

A firewall

is set up as an electronic boundary to prevent a user from having access to programs or data that they are not authorized to have.

A router

is designed to facilitate the flow of information.

A gateway

is a means of entry into a program or set of data.


refers to a method of analysis based on rules, rather than logic

The two types of statistical sampling plans (methods) are

variables and attribute sampling.

Variables sampling

is used to establish the reasonableness of dollar amounts.

Attribute sampling

is used to determine the rate of occurrence for a specific qualitative characteristic.

The audit committee

is a subcommittee of the board of directors that consists only of directors that are independent of the entity.

Who is responsible for the design, implementation, and maintenance of internal control? (DIM)

Management, not the audit committee, and the board of directors has oversight responsibility over management.

An audit data analytic (ADA)

is a procedure used to help the auditor discover patterns and identify anomalies that may require further investigation. It can be used in all phases of an audit, including risk assessment procedures, tests of controls, substantive analytical procedures,

Parallel simulation

involves running client data through programs under the control of the auditor that are presumed to be identical to the ones being applied by the client.

Test data to test controls include:

Testing payment for hours not worked, testing withholding of taxes and Social Security, and to check for missing employee ID numbers.

Committee of Sponsoring Organizations of the Treadway Commission (COSO)

determined the development of a framework that has become the benchmark against which an entity's internal controls are evaluated.

A known misstatement

is a disagreement between the client and the auditor in a circumstance where the auditor believes that the client's position results in a departure from GAAP.

Generally Accepted Accounting Principles (GAAP)

is a general-purpose framework that includes both broad guidelines and detailed policies and procedures such as conventions and rules at a particular time

In a PCAOB examination of internal control that is integrated with an audit of financial statements

the examination is to obtain reasonable assurance as to the effectiveness of internal control; a statement describing the examination along with the auditor's belief that the examination supports the opinion expressed; a definition of internal control; an

The test data approach involves

running data compiled by the auditor through the client's IT system. The data will include certain errors, and be used to determine if the client's IT system will deal with them appropriately. The test data will only include errors or conditions that the

When internal controls are effective

the client's data is more competent so the auditor can obtain more assurance about the accounting data and financial statements. Sufficiency, not competence, refers to the amount of evidence. The auditor's direct personal knowledge is the most competent f

Tracing inventory to purchase documents provides evidence that

the entity actually purchased goods included in inventory, supporting the rights and obligations assertion. It also provides the auditor evidence of the cost of the inventory, which can be used in cost or market evaluations, supporting the valuation and a

To test completeness of inventory

the auditor will vouch items from the physical count of inventory to the accounting records.

To test existence of inventory

the auditor will trace items from the accounting records to the physical counts.

A report on the internal control of an issuer is integrated with an audit of the financial statements and, as a result, the auditor evaluates internal control for the period covered by the financial statements up through

the date of the financial statements.

The auditor's opinion of an issuer's internal control applies as of which date?

The date of the financial statements.

Section 206 of Sarbanes-Oxley prohibits a firm from performing an audit for an issuer is someone in a key position was employed in the audit practice of the audit firm during the

one-year period prior to the audit.

Management's discussion and analysis

although presented in accompaniment with the financial statements, is not an integral part of them and is not considered financial statement disclosure.

According to Title III of the Sarbanes-Oxley Act of 2002, the CEO and CFO of a public company must explicitly certify in each annual or quarterly report that they

reviewed the report; that the report does not contain any untrue statement of material fact or omission of material fact; that financial position and results of operations are fairly presented; and that the signing officers are responsible for establishin

In an attest engagement to report on an entity's internal controls, management will present an assertion about the effectiveness of internal controls and the auditor will express assurance on the reasonableness of that assertion.

The CPA does not have to rely on internal controls in an audit and does not have to be the auditor of the entity's financial statements. The internal control report can be a general use report.

Audit risk

is the risk that the auditor will issue an unmodified report despite the fact that the financial statements are materially misstated (IR

When a group auditor decides to take responsibility for the work of all component auditors

the auditor will issue an unmodified report.

How do the scope, procedures, and purpose of an examination of internal control compare to those for obtaining an understanding of internal control and assessing Risk of Material Misstatement as part of an audit?

Different scope, similar procedures, and different purpose.

By confirming accounts receivable directly with customers

the auditor is obtaining evidence supporting the assertions of existence and valuation.

An analysis of inventory turnover will indicate if

items are not selling quickly indicating they are slow-moving or may be obsolete or damaged.

A change in the useful life of an asset is a change in accounting estimate that

does not affect consistency.

Each page of the entity's reviewed financial statements should make reference to

the accountant's review report. AR �90.29 suggests the reference, 'See Independent Accountant's Review Report.'

GAGAS requires the report to include

information about the auditor's knowledge that fraud or noncompliance (illegal acts) have occurred or are likely to have occurred as well as on deficiencies in internal control.

CPAs performing compilation engagements apply their accounting and financial expertise to

assist management in presenting the entity's financial statements (F/S). CPAs in this situation compile the information that management was responsible for gathering and processing (ie, representation of management). They provide no assurance because CPAs

A purpose of analytical procedures in the overall final review in an audit is to

give the auditor the opportunity to determine if the financial statements, taken as a whole, reflect the auditor's impressions of the client's financial position and results of operations, and to evaluate whether or not sufficient appropriate audit eviden

Statements on Quality Control Standards (SQCSs) require each CPA firm to establish a system of quality control (QC) to provide reasonable assurance that the firm and its personnel will comply with standards/regulations relevant to the audit and accounting

Human Resources, Ethical Requirements, Acceptance and continuence of clients, Leadership Responsibilities, Monitoring, Engagement preformance (HEAL-ME)

The integrated test facility approach involves

setting up a fictitious company or branch and having the auditor submit transactions to test the system; it does not involve using a program under the auditor's control.

Reliability of audit evidence refers to the quality of the evidence, while sufficiency refers to the quantity.

When evidence is internally generated, it is more reliable when developed under an effective system of internal control than one that is not.

The primary purpose of tests of details

is to detect material misstatements to the financial statements.

The accounts payable department compares

the vendor's invoice to a receiving report to make certain all goods being paid for were received, and to the purchase order to make certain all goods were ordered. The supporting documentation is cancelled as soon as a check is signed.

A digital signature is a

mathematical scheme primarily used to verify the authenticity of a signature; it can also be used to ensure that a message, like a signature, has not been tampered with.

Free rents received as part of an award to carry out a federal program are treated as

federal funds expended.