SA

AUD
M
PL

2023 SuperfastCPA Review Notes

E
U
SE
TABLE OF CONTENTS

I. ETHICS, PROFESSIONAL RESPONSIBILITIES AND GENERAL PRINCIPLES 1

A. NATURE AND SCOPE 1
1. NATURE AND SCOPE OF AUDIT ENGAGEMENTS 1
2. NATURE AND SCOPE OF GAO AUDITS 5
SA
3. NATURE AND SCOPE OF OTHER ENGAGEMENTS 7
B. ETHICS, INDEPENDENCE, AND PROFESSIONAL CONDUCT 10
1. AICPA CODE OF PROFESSIONAL CONDUCT 10
2. REQUIREMENTS OF SEC AND PCAOB 14
M
3. REQUIREMENTS OF THE GAO AND THE DOL 16
4. PROFESSIONAL SKEPTICISM AND PROFESSIONAL JUDGMENT 19
PL
C. TERMS OF ENGAGEMENT 20
1. PRECONDITIONS FOR AN ENGAGEMENT 20
2. TERMS OF ENGAGEMENT AND ENGAGEMENT LETTER 21
E
D. REQUIREMENTS FOR ENGAGEMENT DOCUMENTATION 22
E. COMMUNICATION WITH MANAGEMENT AND THOSE CHARGED WITH
GOVERNANCE 23
U
1. PLANNED SCOPE AND TIMING OF AN ENGAGEMENT 23
SE
2. INTERNAL CONTROL RELATED MATTERS 24
F. A FIRM'S SYSTEM OF QUALITY CONTROL 26
II. ASSESSING RISK AND DEVELOPING A PLANNED RESPONSE 28
A. PLANNING AN ENGAGEMENT 28
1. DEVELOPING AN OVERALL ENGAGEMENT STRATEGY 28
 2. DEVELOPING A DETAILED ENGAGEMENT PLAN 29
B. UNDERSTANDING AN ENTITY AND ITS ENVIRONMENT 34
1. EXTERNAL FACTORS 34
2. INTERNAL FACTORS 35
C. UNDERSTANDING AN ENTITY'S CONTROL ENVIRONMENT AND BUSINESS
PROCESSES 36
SA
1. CONTROL ENVIRONMENT, IT GENERAL CONTROLS AND ENTITY-LEVEL
CONTROLS 36
2. BUSINESS PROCESSES AND THE DESIGN OF INTERNAL CONTROLS,
INCLUDING IT SYSTEMS 39
M
3. IMPLICATIONS OF AN ENTITY USING A SERVICE ORGANIZATION 48
4. LIMITATIONS OF CONTROLS AND RISK OF MANAGEMENT OVERRIDE 50
PL
D. ASSESSING RISKS DUE TO FRAUD, INCLUDING DISCUSSIONS AMONG THE
ENGAGEMENT TEAM ABOUT THE RISK OF MATERIAL MISSTATEMENT DUE TO
FRAUD OR ERROR 52
E. IDENTIFYING AND ASSESSING THE RISK OF MATERIAL MISSTATEMENT 53
E
1. IMPACT OF RISKS AT THE FINANCIAL STATEMENT LEVEL 53
2. IMPACT OF RISKS FOR EACH RELEVANT ASSERTION AT THE TRANSACTION
U
CLASS, ACCOUNT BALANCE, AND DISCLOSURE LEVELS 54
3. FURTHER PROCEDURES RESPONSIVE TO IDENTIFIED RISKS 55
SE
F. MATERIALITY 56
1. FOR THE FINANCIAL STATEMENTS AS A WHOLE 56
2. TOLERABLE MISSTATEMENT AND PERFORMANCE MATERIALITY 57
G. PLANNING FOR AND USING THE WORK OF OTHERS 58
 H. SPECIFIC AREAS OF ENGAGEMENT RISK 61
1. AN ENTITY'S COMPLIANCE WITH LAWS AND REGULATIONS, INCLUDING
POSSIBLE ILLEGAL ACTS 61
2. ACCOUNTING ESTIMATES 63
3. RELATED PARTIES AND RELATED PARTY TRANSACTIONS 65
III. PERFORMING FURTHER PROCEDURES AND OBTAINING EVIDENCE 66
SA
A. SUFFICIENT APPROPRIATE EVIDENCE 66
B. GENERAL PROCEDURES TO OBTAIN SUFFICIENT APPROPRIATE EVIDENCE 67
C. SPECIFIC PROCEDURES TO OBTAIN SUFFICIENT APPROPRIATE EVIDENCE 73
M
1. ANALYTICAL PROCEDURES 73
2. EXTERNAL CONFIRMATIONS 76
PL
3. AUDIT DATA ANALYTICS 77
D. SPECIFIC MATTERS THAT REQUIRE SPECIAL CONSIDERATION 80
1. ACCOUNTING ESTIMATES 80
E
2. INVESTMENTS IN SECURITIES 82
3. INVENTORY AND INVENTORY HELD BY OTHERS 83
4. LITIGATION, CLAIMS, AND ASSESSMENTS 84
U
5. AN ENTITY'S ABILITY TO CONTINUE AS A GOING CONCERN 85
E. MISSTATEMENTS AND INTERNAL CONTROL DEFICIENCIES 86
SE
F. WRITTEN REPRESENTATIONS 88
G. SUBSEQUENT EVENTS AND SUBSEQUENTLY DISCOVERED FACTS 89
IV. FORMING CONCLUSIONS AND REPORTING 91
A. REPORTS ON AUDIT ENGAGEMENTS 91
 1. FORMING AN AUDIT OPINION, INCLUDING MODIFICATION OF AN
AUDITOR'S OPINION 91
2. FORM AND CONTENT OF AN AUDIT REPORT, INCLUDING THE USE OF
EMPHASIS-OF-MATTER AND OTHER-MATTER PARAGRAPHS 95
3. AUDIT OF INTERNAL CONTROL INTEGRATED WITH AN AUDIT OF FINANCIAL
STATEMENTS 105
B. REPORTS ON ATTESTATION ENGAGEMENTS 109
SA
1. GENERAL STANDARDS FOR ATTESTATION REPORTS 109
2. AGREED-UPON PROCEDURES REPORTS 110
3. REPORTING ON CONTROLS AT A SERVICE ORGANIZATION 113
M
C. ACCOUNTING AND REVIEW SERVICE ENGAGEMENTS 114
1. PREPARATION ENGAGEMENTS 114
PL
2. COMPILATION REPORTS 115
3. REVIEW REPORTS 116
D. REPORTING ON COMPLIANCE 120
E
E. OTHER REPORTING CONSIDERATIONS 121
1. COMPARATIVE STATEMENTS AND CONSISTENCY BETWEEN PERIODS 121
U
2. OTHER INFORMATION IN DOCUMENTS WITH AUDITED STATEMENTS 122
3. REVIEW OF INTERIM FINANCIAL INFORMATION 123
SE
4. SUPPLEMENTARY INFORMATION 124
5. ADDITIONAL REPORTING REQUIREMENTS UNDER GAO GOVERNMENT
AUDITING STANDARDS 125
6. SPECIAL-PURPOSE AND OTHER COUNTRY FRAMEWORKS 126
I. ETHICS, PROFESSIONAL RESPONSIBILITIES AND GENERAL PRINCIPLES
A. NATURE AND SCOPE

1. NATURE AND SCOPE OF AUDIT ENGAGEMENTS

The purpose of an audit is to have an independent auditor issue an opinion as to

whether the financial statements are presented fairly according to the applicable
SA
framework.

Non-Issuer Audits

These are non-public companies, and audits of non-issuers are subject to the
clarified auditing standards (AU-Cs) issued by Auditing Standards Board (ASB).
M
Objectives of an Audit of Financial Statements According to AU-C 200

● Obtain reasonable assurance that the financial statements are free from
PL
material error, which allows the auditor to express an opinion whether the
statements are presented fairly according to the applicable framework.
● Report on the financial statements, and communicate as required by GAAS
(generally accepted auditing standards), in accordance with the auditor’s
E
findings.

Issuer Audits (public companies)

U
These audits are subject to the PCAOB’s Auditing Standards (AS 1015 for example).

Objective of the Independent Auditor According to AS 1001

SE
The objective of the ordinary audit of financial statements by the independent
auditor is the expression of an opinion on the fairness with which they present, in
all material respects, financial position, results of operations, and its cash flows in
conformity with generally accepted accounting principles. The auditor's report is
the medium through which the auditor expresses their opinion, or, if circumstances
require, disclaims an opinion. In either case, the auditor states whether the audit
has been performed in accordance with the standards of the PCAOB. These
Page | 1 © SuperfastCPA.com
standards require the auditor to state whether, in their opinion, the financial
statements are presented in conformity with generally accepted accounting
principles and to identify those circumstances in which such principles have not
been consistently observed in the preparation of the financial statements of the
current period in relation to those of the preceding period.

In both cases the main objective of an audit is to have an independent auditor

express an opinion on whether the financial statements are presented fairly based
SA
on the applicable reporting framework.

Assertions

The “assertions” are key to the whole audit process. The assertions are the
M
underlying claims made by management about the financial statements. When
management gives the auditor their listing of PP&E for example, management is
essentially making the “claim”, or assertion, that the items on that list actually
PL
exist, that the list is complete (nothing left out), that the business actually owns
the items listed, and that the values of the items are listed correctly. The auditor
then assesses the risk of material misstatement based on these assertions and
performs audit procedures. That’s how the audit works in a nutshell.
E
It helps a LOT to just “think” about the meaning of the words, especially in the
context of the question being asked. For example, “completeness”… this includes
procedures or tests to determine if a population is complete- or if everything has
U
been included that should be included.

They are grouped into 2 categories:

SE
Account balances, and related disclosures, at the period end: (6 assertions)

1. Existence. Assets, liabilities, and equity interests exist.

2. Rights and obligations. The entity holds or controls the rights to assets, and
liabilities are the obligations of the entity.

Page | 2 © SuperfastCPA.com
 3. Completeness. All assets, liabilities, and equity interests that should have
been recorded have been recorded, and all related disclosures that should
have been included in the financial statements have been included.
4. Accuracy, valuation, and allocation. Assets, liabilities, and equity interests
have been included in the financial statements at appropriate amounts, any
resulting valuation or allocation adjustments have been appropriately
recorded, and related disclosures have been appropriately measured and
SA
described.
5. Classification. Assets, liabilities, and equity interests have been recorded in
the proper accounts.
6. Presentation. Assets, liabilities, and equity interests are appropriately
aggregated or disaggregated and clearly described, and related disclosures
M
are relevant and understandable in the context of the requirements of the
applicable financial reporting framework.
PL
Classes of transactions and events, and related disclosures, for the period under
audit: (6 assertions)

1. Occurrence. Transactions and events that have been recorded or disclosed

have actually occurred, and such transactions and events pertain to the
E
entity.
2. Completeness. All transactions and events that should have been recorded
have been recorded, and all related disclosures that should have been
U
included in the financial statements have been included.
3. Accuracy. Amounts and other data relating to recorded transactions and
SE
events have been recorded appropriately, and related disclosures have been
appropriately measured and described.
4. Cutoff. Transactions and events have been recorded in the correct accounting
period.
5. Classification. Transactions and events have been recorded in the proper
accounts.
6. Presentation. Transactions and events are appropriately aggregated or
disaggregated and clearly described, and related disclosures are relevant and
Page | 3 © SuperfastCPA.com
 understandable in the context of the requirements of the applicable financial
reporting framework.

Read through the assertions until you understand them. This makes everything
about AUD easier to understand.
SA
M
PL
E
U
SE

Page | 4 © SuperfastCPA.com
2. NATURE AND SCOPE OF GAO AUDITS

The GAO issues Government Auditing Standards (Yellow Book) - also referred to as
GAGAS (generally accepted government auditing standards) - and these standards
apply to audits involving federal government programs or activities, or other
entities that receive federal funds.

The objective of a financial statement audit under GAGAS is similar to a

SA
non-government audit: determining whether the financial statements are
presented fairly based on the applicable reporting framework.

Additionally, GAGAS audits require separate reporting on internal controls and

adherence to applicable laws and regulations, depending on the entity being
M
audited. Therefore, the scope of a GAGAS audit is larger than a non-government
audit.
PL
Single Audits

State and local government agencies that spend at least $750,000 in federal
funding must get a “single audit”.

The point of a single audit to verify that federal funds have been spent according to
E
the programs the funds were received for.

Materiality for single audits is determined separately for each major federal
U
financial assistance program.

Governmental auditing standards require a separate report on internal control that

SE
includes a description of the scope of the auditor’s work in obtaining an
understanding of internal control. This report will also include any significant
deficiencies or material weaknesses noted. BUT, the regular audit report and the
report on internal controls can be combined.

A government audit will also include a report on compliance with laws, regulations,
and the provisions of any grant agreements.

Page | 5 © SuperfastCPA.com
So an audit subject to the yellow book standards includes 3 reports:

● An audit report.
● A report on internal control (this and the audit report can be combined).
● A report on any applicable compliance with laws or regulations.

In a government audit, the auditor is required to report any fraud or illegal acts to
outside authorities IF:
SA
● Management fails to report the information as required by law,
● OR, if management fails to take timely action to respond to the fraud or
illegal act.
M
PL
E
U
SE

Page | 6 © SuperfastCPA.com
3. NATURE AND SCOPE OF OTHER ENGAGEMENTS

For non-audit engagements, there are basically two categories:

1) Engagements dealing with historical financial statements that are not a full
audit engagement.

The AICPA’s SSARs govern these types of engagements, and they include:
SA
● Reviews - provides limited assurance, is an attest engagement.
● Compilations - provides no assurance, is an attest engagement.
● Preparation of financial statements - provides no assurance, is not an attest
engagement.
M
These services apply to non-issuers (non-public companies). Each of these
engagement types require an engagement letter, and a report from the auditor is
part of both reviews and compilations, but there is no report issued with a
PL
preparation of financial statements. See the details of each engagement type
below.

2) Engagements dealing with written representations or subject matter other

than historical financial statements.
E
The AICPA’s Statements on Standards for Attestation Engagements (SSAEs) apply to
these types of engagements. These include:
U
● Examination engagements
● Review engagements (different from a financial statement review above)
SE
● Agreed-upon procedures engagements

SSARs or “Statements on Standards for Accounting and Review Services”

These standards apply to “reviews”, “compilations”, and “preparation of financial

statements”.

Page | 7 © SuperfastCPA.com
A review is an attestation engagement that provides “limited assurance” that there
are no material modifications that should be made to the financial statements. For
a review, the auditor must be independent.

The basics of a review are:

● Possess knowledge of a client’s industry.

● Determine materiality for the financial statements as a whole, and design and
SA
perform review procedures to address all material items
● Apply analytical procedures
● Perform inquiries of management
● Obtain a representation letter
M
Each page of an entity’s financial statements that have been ‘reviewed’ should
include the reference “See Accountant’s Review Report”.

In a review engagement, the auditor is NOT required to obtain an understanding of

PL
internal controls.

A compilation is basically assisting management to draft the financial statements,

without providing ANY level of assurance. It is an attestation engagement but NOT
E
an assurance engagement. Also, a compilation can be performed for prospective or
pro-forma information in addition to historical financial statements.

An auditor does NOT have to be independent to do a compilation for a client since

U
no assurance is provided. BUT, if the auditor is not independent, the accountant
should disclose this fact in the compilation report.
SE
The compilation report explicitly states that the financial statements have not been
audited, and that the accountant has compiled the financial statements.

Remember that no procedures whatsoever are performed on the data in a

compilation. The auditor is expected to understand the client and the client’s
industry, but no audit procedures of any kind are performed since no assurance is
being provided.

Page | 8 © SuperfastCPA.com
Preparation of financial statements: this is what it sounds like. The accountant
takes the information from management and prepares the financial statements. A
preparation is a nonattest service.

The accountant does NOT have to be independent for this type of engagement.

There should be an engagement letter that outlines management’s responsibilities

& the accountant’s responsibilities.
SA
Each page of the financial statements should include a statement that no
assurance is provided.

SSAEs or “Statements on Standards for Attestation Engagements”

M
For all types of engagements under the SSAEs, the CPA needs to be independent.

Examinations
PL
These are in-depth engagements where the CPA ultimately obtains reasonable
assurance about the subject matter being fairly stated or in accordance with
applicable criteria (that it is what it says it is). It differs from an audit in that it’s not
dealing with historical financial statements. A report is issued that provides the
E
CPA’s opinion as to whether the subject matter conforms to the criteria.

Direct Examination Engagements

U
Attestation Review Engagements (not a financial statement review)
SE
In this type of engagement, the CPA is providing limited assurance that the subject
matter conforms to the criteria, and again, the subject matter can be a number of
things, just not historical financial statements or it would be a financial statement
review. A report is issued that contains a conclusion about whether there is a need
for any material modifications in order to be in accordance with the criteria.

Agreed Upon Procedures Engagements

Page | 9 © SuperfastCPA.com
In this type of engagement, a CPA is engaged to perform procedures and report
findings based on the criteria set by the specified parties. A report is issued that
describes the procedures performed and the findings as a result of the procedures.

B. ETHICS, INDEPENDENCE, AND PROFESSIONAL CONDUCT

1. AICPA CODE OF PROFESSIONAL CONDUCT

SA
One of the main points of the code of professional conduct is for CPAs to go above
and beyond the minimum requirements to show the public that CPAs are willing to
accept responsibility to the public.

Along with that, CPAs should not only be competent with the professional services
M
they provide, they should also cooperate with other CPAs to improve the
accounting profession.
PL
The 3 main groups of rules that CPAs must honor involve:

● Integrity
● Objectivity
● Independence
E
As far as gifts from clients go, the 2 things to keep in mind are:

● Gifts from clients cannot violate the client’s laws or regulations, OR the CPA’s
U
laws or regulations.
● Even if a gift isn’t explicitly violating any laws, it still needs to be “reasonable
under the circumstances”.
SE
When a CPA disagrees with their superior about the treatment of a significant
transaction, if the discussion with the superior does not resolve the issue, then the
CPA should go over the superior’s head.

Page | 10 © SuperfastCPA.com
Even if a CPA has not handled a certain type of transaction or tax issue before, they
can still accept such engagements if they believe in good faith that they can
research the issues and handle them properly.

Outsourcing professional services requires the notification and approval of the

client. If the client doesn’t want any of their services outsourced, the CPA should
either not outsource the work, or not accept the engagement in the first place.
SA
The client controls who a CPA can release audit documentation to, unless ordered
by a court or the CPA society’s quality review board. Even if a CPA firm is
purchased, the client has to agree that the purchaser can access the audit
documentation.
M
Also, client records are owned by the client and must be returned to the client
upon request, even if the CPA has not been paid yet. Schedules or workpapers that
the CPA has prepared do NOT need to be returned to the client if the client has not
PL
paid.

A CPA that fails to pay their own income tax is considered an act discreditable to
the profession.
E
A CPA cannot receive a contingent fee for attest-related services. A CPA can receive
a contingent fee for a private letter ruling.

Accepting a commission for recommending a product to an audit client is

U
essentially a kickback and is prohibited.

Tax accountants can accept referral fees and commissions if they are disclosed to
SE
the client.

The only times a CPA should provide confidential client information to another
party is:

● A review of the CPA’s professional practice by the state CPA society.

● An inquiry from the professional ethics division of the AICPA.
● A court-ordered subpoena.
Page | 11 © SuperfastCPA.com
 ○ (A mere request or letter from the SEC or IRS does NOT count, and the
CPA should never provide client information until there is an actual
court-ordered subpoena).

As long as the information is accurate, informative, and truthful, a CPA can

advertise his or her services like other businesses advertise.

Independence Rules
SA
All CPAs should be independent when involved in attest services.

If the code and its interpretations do not directly provide guidance for a certain
situation, then the conceptual framework should be applied.
M
Threats to independence are concentrated in 4 areas:

● Financial relationships: An audit partner can’t own stock in an audit client.

● Employment relationships: An audit partner cannot be on the board of an
PL
audit client.
● Family relationships: An audit partner should not audit his brother’s
company.
● Consulting relationships: An audit firm cannot provide internal audit
E
consulting to an audit client.

Covered Members
U
You’ll see questions on the exam about “covered members”, which means
someone who falls under the independence rules based on their situation. The
SE
following would be considered covered members:

● Any member of the attest engagement team.

● Any person in a position to influence the attest engagement.
● A partner or manager that provides more than 10 hours of nonattest services
to the client within the fiscal year.
● A partner in the same office as the lead engagement partner.

Page | 12 © SuperfastCPA.com
If a “covered member” is very wealthy and has no investments that are individually
material to that member, they still cannot have a direct investment in an attest
client, no matter how small. That includes mutual funds.

The member’s spouse also cannot have a direct financial interest.

An audit firm can lease office space from an attest client as long as the operating
lease is on normal terms and all amounts are paid on time and in accordance with
SA
the terms of the lease.
M
PL
E
U
SE

Page | 13 © SuperfastCPA.com
2. REQUIREMENTS OF SEC AND PCAOB

SEC Rules

The rules from the SEC for independence and professional conduct are very similar
to the AICPA rules.

Main requirements as a CPA to audit a public company:

SA
● Must be in good standing and registered under the laws of the CPA’s state.
● Must be independent and capable of exercising objective and impartial
judgment.

Other things to know:

M
● The CPA (firm) or the CPA’s direct family members can’t have a direct
investment in an audit client such as stocks or bonds.
● Members/employees of the firm own more than 5% of the stock of an audit
PL
client.
● Can’t have direct or material indirect investment in a company that the audit
client has a material investment in, nor in a company that has a material
investment in the audit client.
E
● Can’t have a credit card issued from an audit client if the balance is $10,000
or more owed to the client.
● An audit client can’t make a direct investment in the accounting firm.
U
SE

Page | 14 © SuperfastCPA.com
PCAOB Rules

SOX created the PCAOB to govern public company audit firms and creates
standards for such audits.

Specific rules you might see a question on:

● Any kind of contingent fee charged to an audit client impairs independence.

● Members of the audit firm impair their independence if they perform any tax
SA
service to a person in a financial reporting oversight role from the audit
client.
● Tax consulting services can be performed for a public company audit client if
it is pre-approved by the client’s audit committee. The CPA firm is required to
M
describe the scope and compensation for the service, discuss it with the audit
committee, and document the discussion.
● Other non-audit services can be approved in this same way, except for
PL
consulting related to internal controls over financial reporting.
E
U
SE

Page | 15 © SuperfastCPA.com
3. REQUIREMENTS OF THE GAO AND THE DOL

GAO Standards

Again, these are very similar to the AICPA code of professional conduct.

Auditors who perform GAGAS audits are expected to be independent, and adhere
to the following ethical principles:
SA
● The public interest.
● Integrity.
● Objectivity.
● Proper use of government info and resources in performing audits; auditor
should never use government resources for personal gain.
M
● Professional behavior including avoiding conflicts of interest, complying with
applicable laws and regulations, and meeting technical and professional
PL
standards.

The GAO’s ethical principles apply to firms that audit federal government agencies,
or schools/entities that receive federal grants. They do not apply to audit firms that
audit public companies.
E
According to the GAO’s standards, there are 3 types of impairments to
independence:
U
● Personal
● External
● Organizational
SE
GAO standards allow for auditors to perform non-audit services for their audit
clients. One thing they cannot do is design an entity’s accounting system and then
audit the entity.

Auditors that perform GAGAS audits should complete 24 hours of yellowbook CPE
every two years.

Page | 16 © SuperfastCPA.com
Threats to Independence from GAGAS Conceptual Framework

● Self-interest threat: that financial reasons or other personal interests will

inappropriately influence the auditor’s judgment or behavior.
● Self-review threat: if the auditor has previously provided nonaudit services,
they might not appropriately evaluate previous judgments or services
provided as they make significant judgements on an GAGAS engagement.
● Bias threat: that the auditor might take a position or make a judgment that is
SA
not objective based on political, ideological, social, or other personal
convictions.
● Familiarity threat: that a relationship with management or personnel of an
audited entity might result in judgements that are not objective.
M
● Undue influence threat: that influences or pressures from sources external to
the audit organization could result in judgments that are not objective.
● Management participation threat: the auditor taking on a role in
PL
management or performing management functions on behalf of the audited
entity could result in judgments that are not objective.
● Structural threat: that the placement of the audit organization within a
government entity, in combination with the structure of the government
E
entity being audited could affect the audit organization’s ability to perform
work and report results objectively (this threat is specific to the GAO
standards and isn’t included in the AICPA’s conceptual framework).
U
SE

Page | 17 © SuperfastCPA.com
Department of Labor Rules

The DOL rules in this context mostly deal with the audit of employee benefit plans
under ERISA.
SA
Most DOL audits follow government auditing standards, which include audits of
compliance with laws or evaluating the effectiveness of achieving program results.

Like with the other rules, the big overriding rule is that auditors must be
independent. The two broad categories that would impair independence are
M
financial (having a direct financial interest in an entity to be audited) and
employment ties to a plan sponsor.
PL
E
U
SE

Page | 18 © SuperfastCPA.com
4. PROFESSIONAL SKEPTICISM AND PROFESSIONAL JUDGMENT

Due professional care requires the auditor to exercise professional skepticism.

Professional skepticism has several key tenants:
● Includes a “questioning mind” and a “critical assessment of audit evidence”.
● Needs to be exercised through the entirety of the audit process.
● Gathering and objectively evaluating audit evidence requires the auditor to
SA
consider the competency and sufficiency of the evidence.
● The auditor neither assumes management is lying, nor assumes
unquestioned honesty.
● The auditor should not be satisfied with less than persuasive evidence simply
because of a belief that management is honest.
M
PL
E
U
SE

Page | 19 © SuperfastCPA.com
C. TERMS OF ENGAGEMENT

1. PRECONDITIONS FOR AN ENGAGEMENT

The preconditions for an audit are:

● Determine whether the financial reporting framework to be applied is

acceptable.
SA
● Obtain an agreement of management that it acknowledges and understands
its responsibility:
○ for the preparation and fair presentation of the financial statements in
accordance with the applicable reporting frameworks.
○ for the design, implementation, and maintenance of internal control
M
relevant to the preparation and fair presentation of financial statements
that are free from material misstatement, whether due to fraud or
PL
error.
○ to provide the auditor with:
■ access to all information, documents, records, etc that is relevant
to the preparation of the financial statements.
■ additional information that the auditor may request for purposes
E
of the audit.
■ unrestricted access to persons within the entity from whom the
auditor determines it necessary to obtain audit evidence.
U
SE

Page | 20 © SuperfastCPA.com
2. TERMS OF ENGAGEMENT AND ENGAGEMENT LETTER

The auditor needs to agree with management to the terms and only accepts the
engagement if the preconditions for an audit exist and an understanding of the
terms is agreed to by the auditor and management (or those charged with
governance).

These terms are agreed to in the engagement letter, which contains:

SA
● The objective and scope of the audit of the financial statements.
● The responsibilities of the auditor.
● The responsibilities of management.
● A statement that because of the inherent limitations of an audit, together
M
with the inherent limitations of internal control, an unavoidable risk exists
that some material misstatements may not be detected, even though the
audit is properly planned and performed in accordance with GAAS.
PL
● Identification of the applicable reporting framework for the audit.
● Reference to the expected form and content of any reports to be issued by
the auditor.
E
U
SE

Page | 21 © SuperfastCPA.com
D. REQUIREMENTS FOR ENGAGEMENT DOCUMENTATION

The overriding idea behind audit documentation is to compile documentation to

the point that an experienced auditor that had no previous connection with the
audit could look through the documentation and understand:

● The nature, timing, and extent of audit procedures performed.

● The results of the audit procedures performed, and the audit evidence
SA
obtained.
● Significant findings or issues arising during the audit, the conclusions
reached, and significant professional judgements made in reaching those
conclusions.
M
Considerations in actually documenting the audit:

● The identifying characteristics of the specific items or matters tested should

PL
be documented.
● Who performed the audit work and the date such work was completed
should be documented.
● Who reviewed the audit work and the date and extent of such review should
E
be documented.

The actual audit workpapers and copies of significant contracts, agreements,

documents, schedules, etc. make up the “audit file”, which should be in physical or
U
electronic form.

The auditor should document the report release date in the audit documentation,
SE
and the final audit file should be assembled no later than 60 days after the report
release date. The retention period for the final audit file should not be less than 5
years from the report release date. The auditor should adopt reasonable
procedures to maintain the confidentiality of the client information.

Page | 22 © SuperfastCPA.com
E. COMMUNICATION WITH MANAGEMENT AND THOSE CHARGED WITH GOVERNANCE

1. PLANNED SCOPE AND TIMING OF AN ENGAGEMENT

When communicating with management regarding the audit, an overview of the

audit process should be provided but it should not be so detailed as to reduce the
effectiveness of the audit procedures, meaning that the audit procedures shouldn’t
become completely predictable to management. The exact details of the auditor’s
SA
plan for tests and procedures should not be communicated.

The auditor should communicate:

● How the auditor will address the risks of material misstatements whether
M
due to fraud or error.
● Issues regarding internal control and the internal audit function (if exists).
● The application of materiality in the context of the audit.
PL
● Management’s responsibilities for the audit.
● The auditor’s responsibilities under GAAS.
● The planned scope and timing of the audit.
● Disagreements with management related to estimates, the scope of the
E
audit, application of accounting principles, the wording of the audit report,
and other material matters to the audit.
● Significant misstatements discovered during the audit that were
U
subsequently corrected by management.
● Communication on key audit matters (KAMs)
● Significant difficulties encountered during the audit.
SE
● Significant unusual transactions.

Page | 23 © SuperfastCPA.com
2. INTERNAL CONTROL RELATED MATTERS

The auditor should communicate in writing any significant deficiencies or material

weaknesses in internal control to management or those charged with governance.
This communication should be provided by the audit report date and not later than
60 days after the report release date.

Significant deficiency in internal control: A deficiency or combination of

SA
deficiencies in the design or operation of a control that doesn’t prevent, detect, or
correct misstatements on a timely basis. This is less severe than a material
weakness.

Material weakness in internal controls: A deficiency or combination of

M
deficiencies that results in a reasonable possibility that a material misstatement
will result as a result of the deficiency.
PL
The communication should include:

● The definition of material weakness and if applicable, the definition of a

significant deficiency.
● A description of the significant deficiencies and material weaknesses and an
E
explanation of the effects.
● Elements that explain:
○ That the purpose of the audit was for the auditor to express an opinion
U
on the financial statements.
○ The audit included consideration over internal control but not for the
purpose of expressing an opinion on internal control.
SE
○ The auditor is not expressing an opinion on the effectiveness of internal
control.
○ The consideration over internal controls was not designed to detect all
possible deficiencies in internal control and that there could be other
deficiencies in internal control that weren’t identified.

Page | 24 © SuperfastCPA.com
There are many items that would require communicating to management or those
charged with governance besides the scope of the audit or internal control
deficiencies, such as:

● Significant misstatements discovered by the auditor but corrected by

management.
● Disagreement with management on significant issues that could affect the
financial statements.
SA
● Management’s consultations with other accountants regarding significant
accounting matters.
● Any significant difficulties in dealing with management in performing the
audit such as not making key information available to the auditor.
M
PL
E
U
SE

Page | 25 © SuperfastCPA.com
F. A FIRM'S SYSTEM OF QUALITY CONTROL

Statements on Quality Control Standards (SQCSs)

These are statements issued by the AICPA’s Auditing Standards Board.

They apply to everything about accounting and auditing engagements and provide
guidelines for implementing a quality control system.
SA
6 Elements to a quality control system

● Leadership responsibilities such as “tone at the top”.

○ Emphasis should be on performing work that complies with
professional standards.
M
● Relevant and ethical requirements.
○ Policies should be implemented that help ensure that firm personnel
comply with applicable ethical requirements.
PL
● Acceptance and continuance of clients and specific engagements.
○ One of the main purposes for QC regarding client acceptance is so a
firm only accepts engagement that it is qualified to perform.
○ On the other side, to minimize the chances of working with a client
E
whose management lacks integrity.
● Human resources.
○ QC procedures over human resources should ensure the firm has
U
sufficient, competent personnel to handle the firm’s engagements in
accordance with the applicable requirements and issue required reports
SE
required by the engagements.
● Engagement performance.
○ One primary purpose is to ensure that engagements are adequately
supervised.
○ Needs to provide elements to support consistency of engagement
performance, supervision, and review functions.
● Monitoring- meaning ongoing quality control efforts.

Page | 26 © SuperfastCPA.com
 ○ Ongoing review of the QC procedures to ensure that they are
appropriate, relevant, and operating effectively.

The engagement partner is responsible for overall audit quality.

A firm’s QC procedures can be communicated to employees orally or in writing.

When there is a difference of opinion on a significant matter between members of

the audit team, the details of reaching a resolution should be documented.
SA
The nature and extent of a firm’s QC procedures are based on the firm’s size, the
nature of the firm’s practice, and cost/benefit considerations.

The SQCS’s scope is limited to auditing, accounting, and review services. The
M
procedures can obviously be applied to a firm’s other service areas, but the SQCSs
do not require it.
PL
E
U
SE

Page | 27 © SuperfastCPA.com