P1252428562RDLaZ

1

AUDIT II
Other Services and Governmental Auditing
Chapter 21 Assurance, Attestation, Other
Forms of Services WEB Outline Governmental
Auditing

2
Attestation Engagements (SSAE 10, AT 101)
An attestation engagement is one in which a
practitioner is engaged to issue or does issue
an examination, a review or an agreed-upon
procedures report on subject matter, or an
assertion about subject matter, that is the
responsibility of another party. Standards are
for attest engagements, but not for SAS, SSARS,
SSCS, or tax engagements.
3
They are a natural extension of (but do not
supersede) the 10 GAAS
4
(No Transcript)
5
Statements on Standards for Attestation
Engagements
AT 101 Attest Engagements AT 201 Agreed-Upon
Procedure Engagements AT 301 Financial Forecasts
and Projections AT 401 Reporting on Pro Forma
Financial Information AT 501 Reporting on an
Entitys Internal Control (See also AS No. 2) AT
601 Compliance Attestation AT 701 Managements
Discussion and Analysis
6
Reporting on Internal Control (SSAE 10, AT
501) ØApplicability. Practitioner evaluates the
effectiveness of an entity's internal control
over financial reporting ØAttest Services. May
examine or apply agreed-upon procedures to
management's assertion, but not a
review ØExamination engagement - practitioner's
expresses an opinion either on management's
assertion or on the system itself. Accumulates
sufficient evidence about the design and
operating effectiveness of the entity's I/C (Note
scope broader than F/S audit)
7

• ØConditions for Engagement Performance.
• Mgt. accepts responsibility for the effectiveness
  of I/C
• Mgt. evaluates the effectiveness of I/C
• Sufficient evidence exists to support mgts
  evaluation
• Mgt. presents its written assertion
• ØAssertion. E.g., "X Company maintained
  effective internal control over financial
  reporting as of 12/31
• ØDeficiencies in an entity's I/C should be
  communicated
• ØWritten management's representations should be
  obtained

• ØReport Modifications
• Material weaknesses Qualified or Adverse
  Opinion
• Other modifications similar to audit reports.

8
(No Transcript)
9
PCAOB - Auditing Standard No. 2
An Audit of Internal Control Over Financial
Reporting Performed in conjunction with an Audit
of Financial Statements
Management assesses the design and effectiveness
of internal control over financial reporting
using a suitable framework such as the Committee
of Sponsoring Organizations (COSO) of the
Treadway Commissions Internal Control
Integrated Framework, and issues a report on
effectiveness at a date (e.g., 12/31/x1). The
CPA evaluates the assessment and expresses an
opinion on managements assertion. In the same
report, the CPA expresses a second opinion
directly on the effectiveness of internal control
over financial reporting.
10
A control deficiency exists when the design or
operation of a control does not allow management
or employees to prevent or detect misstatements
on a timely basis. A significant deficiency is
a control deficiency, or combination of control
deficiencies, that adversely affects the
companys ability to initiate, authorize, record,
process, or report external financial data
reliably in accordance with GAAP. A material
weakness is a significant deficiency, or
combination of significant deficiencies, which
results in more than a remote likelihood that a
material misstatement of the annual or interim
financials statements will not be prevented. A
material weakness requires the auditor to express
an adverse opinion on internal control and
precludes management from assessing that internal
control is effective. The opinion on internal
control must in conjunction with the audit of the
financial statements. A single report or two
separate reports may be issued.
11
Prospective Financial Statements (SSAE 10, AT
301) ØA financial forecast consists of PFSs that
present an entity's expected financial position,
results of operations, and cash flows. Based on
the responsible party's (usually management)
assumptions reflecting conditions it expects to
exist and the course of action it expects to
take ØA financial projection differs from a
forecast in that it is based on one or more
hypothetical assumptions Single point estimate
or a range
12
ØAccountant can compile, examine, or apply
agreed-upon procedures to prospective financial
statements (PFSs) but not review ØLimited use
of PFSs means use by the responsible party and
those with whom that party is negotiating
directly ØGeneral use of PFSs means use by any
persons. Only an examination of a financial
forecast is for general use ØReport
(Examination) Identification of PFSs
responsible party Made in accordance with AICPA
standards and nature of examination Opinion Caveat
that results may not be achieved Statement about
no responsibility to update report
13
Review (SSARS and SAS 71) ØAccountant must gain
understanding of the client and
industry ØAccountant must be independent ØReview
procedures consist of inquiries and analytical
procedures Must obtain a representation
letter For SSARS need not obtain an
understanding of internal control or assess
control risk but for SAS 71 must
14
If information appears incorrect, incomplete, or
unsatisfactory, apply additional
procedures. Working papers should be
prepared. For a SAS 71 review, must have
done audit.
15
Standard Review Report for SSARS
16

• Special Reports (AU 623)
• ØSpecial reports may be issued on
• Other comprehensive basis of accounting (OCBOA).
• Specified elements, accounts, or items of a FS.
• Compliance with aspects of contractual agreements
  or regulatory requirements.
• Financial presentations to comply with
  contractual agreements or regulatory provisions.
• Financial information presented in prescribed
  forms or schedules that require a prescribed form
  of auditor's report

17
Reporting on FS Prepared in Conformity with an
OCBOA
OCBOA - Terms such as balance sheet, statement of
financial position, statement of income,
statement of operations, and statement of cash
flows should not be used.
18

• Reports on the Processing of Transactions by
  Service Organizations (SAS 70 - AU 324)
• ØThis pronouncement concerns
• Factors to be considered by an auditor whose
  client uses a service organization to process
  certain transactions.
• Guidance to auditors who issue reports on the
  processing of transactions by a service
  organization for use by other auditors.
• ØReport on policies and procedures placed in
  operation vs. report on policies and procedures
  placed in operation and tests of operating
  effectiveness.

19
Assurance Services ØAssurance services are
independent professional services that improve
the quality of information, or its context, for
decision makers. ØInformation might be
financial or nonfinancial, historical or
prospective, comprise data or relate to systems,
or be internal or external to the user.
ØAssurance services encompass audit and other
attestation services, but include other,
nonstandard, services as well. Unless the
services fall under the AICPAs attestation
standards, assurance services do not require
written assertions.
20

• ØAssurance services evolve naturally from
  attestation services, which in turn evolved from
  audits. The roots of all three are in independent
  verification. However, the form and content of
  assurance services differ. Traditional
  audit-related services are highly structured and
  considered to be relevant to a large number of
  users. The newer ones are more customized and
  targeted services intended to be highly useful in
  more limited circumstances. For example
• Risk Assessment
• Business Performance Measurement
• Information System Reliability
• Electronic Commerce
• Heath Care Performance Measurement
• ElderCare

21
ØAssurance services do not encompass consulting
services. There are often similarities between
assurance and consulting services because they
are delivered using a similar body of knowledge
and skills. However, assurance services differ
from consulting services in two ways (1) they
focus on improving information rather than
providing advice and (2) they generally entail
situations where one party wants to monitor
another (even when they work for the same
company) rather than the two-party arrangements
common in consulting engagements.
22
GOVERNMENTAL AUDITING (AU 801 - SAS
74) Government Accountability Office (GAO)
establishes auditing standards and issues
Government Auditing Standards (The Yellow
Book) Types of Audits ØFinancial audits -
Financial statement and financial
related Financial statement must include
written Opinion on the financial
statements Report on compliance with laws and
regulations Report on I/C (Reportable
conditions) ØAttestation engagements -
examinations, reviews and agreed-upon
procedures. ØPerformance audits - Economy and
efficiency and program results In general, the
auditor accepts a greater scope and more
responsibility for a governmental audit
23
GAS - Basically the same as GAAS with
additional Independence - Personal, External,
Organizational Professional Judgment - Use
it Competence - Audit team should be
competent Quality Control - Quality review
every 3 years Auditor Communication - To
necessary parties Follow Up - On results of
previous engagements Detecting Contract
Violations and Abuse - Required Audit
Documentation - Allow another auditor to judge
evidence Compliance with GAGAS - State in
report Reporting - Internal control
compliance with laws regs Views of Officials
- Report Privileged Information - State if
there was any Report Issuance - Distribute to
appropriate officials
24

• Single Audit Act (amended 1996) Prior to 1984,
  federal agencies that provided financial
  assistance to state and local governments audited
  specific grants, contracts, subsidies, etc.
• The Act requires a single audit for entities
  expending federal dollars of (Old 300,000)
  500,000 or more. OMB Circular 133 and
  Compliance Supplements define the required
  auditing.
• Audit Major Programs based on risk
• Provide I/C and compliance tests of at least 50
• Test both common and programmatic laws and
  regs
• Report to cognizant agency and send reports to
  clearing house