Assurance, Attestation, and Internal Auditing Services Chapter 21 Assurance, Attestation, and Internal Auditing Services McGraw-Hill/Irwin Copyright © 2008 by The McGraw-Hill Companies, Inc. All rights reserved.
LO# 1 Assurance Services Assurance services are independent professional services that improve the quality of information, or its context, for decision makers.
LO# 1 Assurance Services
LO# 1 Decision Model
Types of Assurance Services LO# 2 Types of Assurance Services Risk Assessment Information System Reliability Business Performance Measurement Electronic Commerce PrimePlus Healthcare Performance Measurement
Attest Engagements LO# 3 Attest services occur when a practitioner is engaged to issue or does issue a report on subject matter, or an assertion about subject matter, that is the responsibility of another party.
Attest Engagements LO# 3
Types of Attest Engagements LO# 4 Types of Attest Engagements Attest Engagements Examination Review Agreed-Upon Procedures
Attestation Standards LO# 5 Attestation Standards Attestation Standards General Fieldwork Reporting
General Standards Adequate Technical Training & Proficiency LO# 5 General Standards Adequate Technical Training & Proficiency Adequate Knowledge of Subject Matter Subject Matter Capable of Evaluation Independence Due Professional Care
Standards of Fieldwork LO# 5 Standards of Fieldwork Adequate Planning & Supervised Assistants Obtain Sufficient Evidence
Standards of Reporting LO# 5 Standards of Reporting Identify Subject Matter or Assertion State Conclusion State Significant Reservations Restricted Use of Report in Certain Circumstances
Reporting on an Entity’s Internal Control over Financial Reporting The Federal Deposit Insurance Corporation Act of 1991 requires that the management of large financial institutions issue a report on the effectiveness of the institution’s internal control and that they engage accountants to attest to management’s report. The Sarbanes-Oxley Act of 2002 imposed similar requirements on all publicly held companies.
Conducting an Engagement LO# 6 Conducting an Engagement Necessary Conditions Management of the entity accepts responsibility for the effectiveness of the entity’s internal control. The responsible party evaluates the effectiveness of the entity’s internal control using suitable criteria (referred to as control criteria). Sufficient competent evidence exists or could be developed to support the responsible party’s evaluation. Management provides to the practitioner its written assertion based on control criteria referred to in its report.
Financial Forecasts and Projections LO# 7 Financial Forecasts and Projections Auditors have been asked to provide assurance with respect to prospective financial statements. The practitioner can examine, apply agreed-upon procedures, or compile the prospective financial statements if such statements are expected to be used by a third party.
LO# 7 Standard Forecast
LO# 7 Standard Projection
Agreed-Upon Procedures LO# 7
LO# 7 Standard Compilation
Accounting and Review Services LO# 8 Accounting and Review Services Many nonpublic businesses do not need an audit of their financial statements. However, these entities may employ a CPA to assist with preparing their financial statements, tax returns, or other financial documents. Compilations Reviews
LO# 8 Levels of Assurance
Compilation of Financial Statements LO# 8 Compilation of Financial Statements A compilation is defined as presenting, in the form of financial statements, information that is the representation of management or owners without expressing any assurance on the statements. Compilation with Full Disclosure Compilation that Omits Disclosures Compilation when CPA is not Independent
Compilation with Full Disclosure
Compilation Without Disclosures
Review of Financial Statements LO# 8 Review of Financial Statements A review is defined as the performance of inquiry and analytical procedures to provide the accountant with a reasonable basis for expressing limited assurance that no material modifications should be made to the statements in order for them to conform to GAAP (or other comprehensive basis of accounting).
Review of Financial Statements LO# 8 A Review Involves Obtain knowledge of the accounting principles and practices of the industry and an understanding of the entity’s business. Obtain a general understanding of the entity’s organization, its operating characteristics, and the nature of its assets, liabilities, revenues and expenses. Ask the entity’s personnel questions. Perform analytical procedures. Read the financial statements to determine if they conform to GAAP. Obtain reports from other accountants, if any. Obtain a representation letter from management.
Standard Review LO# 8
Going-Concern Uncertainty LO# 8 Conditions That May Result in Modification of a Compilation or Review Report Departure from GAAP Going-Concern Uncertainty
Review with GAAP Departure LO# 8 Review with GAAP Departure
Internal Auditing LO# 9 Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Institute of Internal Auditors (IIA) Standards LO# 9 Institute of Internal Auditors (IIA) Standards The IIA oversees and sets standards for internal auditing internationally. Standards and Ethics Practice Advisories Practice Aids
IIA Code of Ethics Principles Integrity Objectivity Confidentiality LO# 9 IIA Code of Ethics Principles Integrity Objectivity Confidentiality Competency
Internal Auditors’ Roles LO# 9 Internal Auditors’ Roles Evaluating Risks and Controls Reviewing Compliance Financial Auditing Operational Auditing
Internal Audit Function LO# 9
Interactions between Internal and External Auditors LO# 9 Interactions between Internal and External Auditors Before relying on the work of internal auditors, the external auditor must evaluate the internal auditors’ objectivity and competence. Some of the work performed by internal auditors is directly relevant to the work of the independent auditor.
Five Principles of Trust Services LO# 10 Security Five Principles of Trust Services Availability Processing Integrity Online Privacy Confidentiality
relating to Electronic Commerce LO# 11 WebTrust Services CPA WebTrust Assurance Services relating to Electronic Commerce
relating to Information Systems LO# 12 SysTrust Services SysTrust Assurance Services relating to Information Systems
CPA PrimePlus Services Consulting/Facilitating Services LO# 13 PrimePlus Services CPA PrimePlus Services Consulting/Facilitating Services Direct Services Assurance Services
End of Chapter 21