CPA Audit Exam (A5) || with error-free answers.
objective of an integrated audit correct answers -to express an opinion on the effectiveness of the
entity's IC
-auditor should plan and perform the engagement to obtain sufficient appropriate evidence to
obtain reasonable assurance about whether material weaknesses exist as of the date specified in
managements assessment
conditions for integrated engagement performance:
Auditor Requirements (issuers and nonissuers)
Management Requirement (issuers and nonissuers)
Written Representation (issuers and nonissuers) correct answers Auditor Requirements (issuers
and nonissuers):
-plan and perform the integrated audit to achieve the objectives of both engagements
-use same control criteria to perform the audit of IC as management issues for its evaluation of
the effectiveness of the IC
-test of controls should be designed to provide sufficient appropriate evidence to support both the
opinion on IC and the control risk assessment needed for the FS audit
Management Requirement (issuers only):
-Section 404 requires each issuer's annual report to contain an IC report that"
1. states management's responsibility for establishing and maintaining an adequate IC structure
and procedures
2.contain as assessment of the effectiveness of the IC structure and procedures of issuer for
Financial reporting
,Management Requirement (issuers only):
an audit of IC can only be performed if management
-accepts responsibility for the effectiveness of IC
-evaluated the effectiveness
-supports its assessment
*management is responsibly for identifying and documenting control objective and the controls
that meet those objectives
*managements monitoring activities may provide evidence supporting it assertion
-provides a written assessment about the effectiveness of the entity IC in a report that
accompanies the auditor's report
*the "As of" date in management assertion should coincide with the date of the FS
*if management refuses to furnish a written assessment, the auditor should withdraw from the
engagement
Written Representation (issuers and nonissuers):
1. acknowledges its responsibility for establishing and maintaining effective IC, and states that
management has performed as assessment of the effectiveness of the IC
2. states management assessment as of a specified date and specifies the criteria used
3. affirms that management did not rely on the auditor proce
Planning the Integrated Engagement (issuers and nonissuers):
Overall Planning
Fraud Risk Assessment
Using the work of others correct answers Overall Planning:
developing an overall strategy for the scope and performance of the engagement. the auditor
should consider:
-matters affecting the industry of the entity
-prior knowledge of the entity's IC
,-matters concerning the entity and its business
-the relative complexity of entity operation as well as the extent of any recent changes in the
entity, its operations, or its IC
-managements method of evaluating control effectiveness
-judgments about materiality and risk
-previously communicated deficiencies, legal or regulatory matter
-the nature and extent of available evidence
-scaling the audit
Fraud Risk Assessment:
auditor's fraud risk assessment should be integrated into the audit of IC, the auditor consider
management fraud and management override of controls as areas of high risk. Controls that
might address these risk include controls over:
-significant or unusual transactions
-period end journal entries and adjustments
-related party transaction
-significant management estimates
Using the work of others:
-people who are sufficiently competent and objective, in evaluating the effectiveness of IC
-auditor should consider the risk associated with a particular control, in determining whether and
to what extent to use the work of others
top-down approach:
entity-level controls
identifying significant classes of transactions, Account Balances, Disclosures and assertions
, Selecting Controls to test correct answers entity-level controls:
include
-control environment
-management override
-company's risk assessment process
-centralized processing
-monitoring the results of operation
-monitoring other controls
-period-end financial reporting
-policies that address significant business control and risk management practice
identifying significant classes of transactions, Account Balances, Disclosures and assertions:
risk factors include
-account size and composition
-susceptibility to misstatement
-volume of activity, complexity, and homogeneity of transactions
-nature of the account
-accounting and reporting complexities
-exposure to loss
-the existence of related party transaction
-changes from the prior period
Selecting Controls to test:
the auditor should test those controls that are important in addressing the RMM
Testing Controls of integrated audit (issuers and nonissuers)
objective of an integrated audit correct answers -to express an opinion on the effectiveness of the
entity's IC
-auditor should plan and perform the engagement to obtain sufficient appropriate evidence to
obtain reasonable assurance about whether material weaknesses exist as of the date specified in
managements assessment
conditions for integrated engagement performance:
Auditor Requirements (issuers and nonissuers)
Management Requirement (issuers and nonissuers)
Written Representation (issuers and nonissuers) correct answers Auditor Requirements (issuers
and nonissuers):
-plan and perform the integrated audit to achieve the objectives of both engagements
-use same control criteria to perform the audit of IC as management issues for its evaluation of
the effectiveness of the IC
-test of controls should be designed to provide sufficient appropriate evidence to support both the
opinion on IC and the control risk assessment needed for the FS audit
Management Requirement (issuers only):
-Section 404 requires each issuer's annual report to contain an IC report that"
1. states management's responsibility for establishing and maintaining an adequate IC structure
and procedures
2.contain as assessment of the effectiveness of the IC structure and procedures of issuer for
Financial reporting
,Management Requirement (issuers only):
an audit of IC can only be performed if management
-accepts responsibility for the effectiveness of IC
-evaluated the effectiveness
-supports its assessment
*management is responsibly for identifying and documenting control objective and the controls
that meet those objectives
*managements monitoring activities may provide evidence supporting it assertion
-provides a written assessment about the effectiveness of the entity IC in a report that
accompanies the auditor's report
*the "As of" date in management assertion should coincide with the date of the FS
*if management refuses to furnish a written assessment, the auditor should withdraw from the
engagement
Written Representation (issuers and nonissuers):
1. acknowledges its responsibility for establishing and maintaining effective IC, and states that
management has performed as assessment of the effectiveness of the IC
2. states management assessment as of a specified date and specifies the criteria used
3. affirms that management did not rely on the auditor proce
Planning the Integrated Engagement (issuers and nonissuers):
Overall Planning
Fraud Risk Assessment
Using the work of others correct answers Overall Planning:
developing an overall strategy for the scope and performance of the engagement. the auditor
should consider:
-matters affecting the industry of the entity
-prior knowledge of the entity's IC
,-matters concerning the entity and its business
-the relative complexity of entity operation as well as the extent of any recent changes in the
entity, its operations, or its IC
-managements method of evaluating control effectiveness
-judgments about materiality and risk
-previously communicated deficiencies, legal or regulatory matter
-the nature and extent of available evidence
-scaling the audit
Fraud Risk Assessment:
auditor's fraud risk assessment should be integrated into the audit of IC, the auditor consider
management fraud and management override of controls as areas of high risk. Controls that
might address these risk include controls over:
-significant or unusual transactions
-period end journal entries and adjustments
-related party transaction
-significant management estimates
Using the work of others:
-people who are sufficiently competent and objective, in evaluating the effectiveness of IC
-auditor should consider the risk associated with a particular control, in determining whether and
to what extent to use the work of others
top-down approach:
entity-level controls
identifying significant classes of transactions, Account Balances, Disclosures and assertions
, Selecting Controls to test correct answers entity-level controls:
include
-control environment
-management override
-company's risk assessment process
-centralized processing
-monitoring the results of operation
-monitoring other controls
-period-end financial reporting
-policies that address significant business control and risk management practice
identifying significant classes of transactions, Account Balances, Disclosures and assertions:
risk factors include
-account size and composition
-susceptibility to misstatement
-volume of activity, complexity, and homogeneity of transactions
-nature of the account
-accounting and reporting complexities
-exposure to loss
-the existence of related party transaction
-changes from the prior period
Selecting Controls to test:
the auditor should test those controls that are important in addressing the RMM
Testing Controls of integrated audit (issuers and nonissuers)
