Table of Contents

SOX & Audit Committee

Study Plan Client Acceptance
Management Responsibilities
Mnemonics
Engagement Letter
Chapter 1
Initial Engagement
Chapter 2
Change in Engagement
Chapter 3
Knowledge of Client Industry
Chapter 4
Knowledge of Client Business
Chapter 5
Audit Strategy
Chapter 6
Audit Plan
Chapter 1 High Level Notes Audit Procedures
Independent Audit Functions Assertions
Reports Internal Audit
Type of opinions Specialists
Nonissuer Report Materiality
Issuer Report Risk Assessment Procedures
CAMs Understanding entity
Nonissuer Extra Paragraphs Audit Data Analytics (ADAs)
Issuer Extra Paragraph Internal Control
Change in Opinion Consideration of Internal Control
Report Presented Predecessor Auditor Procedures for IC
Report Not Presented Predecessor Auditor Document IC
Component Auditor IT
Single Statement Audits IT for Evidence Gathering
Piecemeal Opinion Generalized Audit Software Packages
Subsequent Events (GASP)
Dual Dating Chapter 3 High Level Notes
Changes in Audit Report Fraud
Other Information Obtaining Information About Fraud Risk
Supplementary Information Responding to Risk
Required Supplementary Information Communication Regarding Fraud
Special Purpose Frameworks Audit Risk
Other Country Framework Misstatements
Reporting Accountant Audit Approach
Chapter 2 High Level Notes Controls
Quality Control Evidence Obtained in Previous Audits
Review Substantive Procedures
Documentation Noncompliance
Retention Accounting Estimates
Files Related Party Transactions
Significant Audit Findings Audit Evidence
 Procedures to Obtain Evidence Attestation Engagements
Analytical Procedures Prospective FS
Vouching vs Tracing Pro Forma FS
Confirmations Service Organization Reports
Ratios Compliance Reports in Connection with
Selecting Items for Sampling Audited FS
Sampling Methods Compliance Attestation
Attribute Sampling Steps Government Auditing Standards
Types of Variable Sampling GAGAS: Performing Financial Audits
Variable Sampling Steps GAGAS: Reporting on Financial Audits
PPS Sampling Single Audits

Chapter 4 High Level Notes Chapter 6 High Level Notes

Revenue Cycle Services for Unaudited FS (SSARS)
Expenditure Cycle Elements of SSARS Engagements
Cash Cycle Subsequent Events SSARS
Inventory Cycle Preparation Engagements (SSARS)
Investment Cycle Compilation
Payroll Cycle Review Engagements
Financing Cycle Review Reports
Other Matters Interim Reviews (Nonissuers)
Management Bias Interim Reviews (Issuers)
Management Representation Letter Interim procedures
Audit Committee Comfort Letters
Types of Control Deficiencies Rules
Threats to Compliance
Chapter 5 High Level Notes PCAOB
Top Down Approach
SOX II
Nonissuers Communication of Control
Rule 2-01 (SEC)
Deficiencies
PCAOB Rules
Issuers Communication of Control
Deficiencies GOA
Inherent Limitations Paragraph (Issuers and
Nonissuers)
IC Report

Study Plan
Week 1: A1 & A2 → all lectures, skills practices, MCQ and sims; make flashcards
Week 2: A3 & A4 → all lectures, skills practices, MCQ and sims; make flashcards
Week 3: A4 & A5 → all lectures, skills practices, MCQ and sims; make flashcards
Week 4: Do final review and start going over notecards; work on topics that are hard to grasp;
take mocks 1 & 2 and review
Week 5: Make sure all flashcards are mastered; review each chapter and high level notes
(attached) ; take mock 3 and review
Mnemonics

Chapter 1 Change in opinion DORCS

Unmodified opinion (Nonissuer) MR DIM Date of auditors previous report
REPPORTS CRAME Opinion previously issued
Management Reason for prior opinion
Responsible Changes that have occurred
Statement that the “opinion...is different”
Design
Implementation Auditors responsibility for subsequent
Maintenance events PRIME
Post BS transactions
Responsibility Representation letter
Express Inquiry
Plan Minutes
Performing Examine latest interim FS
Obtain
Risk (RMM) Client refusal to change report DAR
Test IC Disassociate
Statements fair presentation Alert agencies
Relying parties
Control
Reasonableness Chapter 2
Accounting estimates Elements of quality control HELP ME
Management Human resources
Evaluating overall presentation Engagement/client acceptance &
continuance
Include in CAMs IPAD Leadership responsibilities
Identification of CAM Performance of engagement
Principal consideration that lead to
identification of CAM Monitoring
Addressed in audit Ethical requirements
Disclosure reference/FS accounts
FS assertions COVERU
Emphasis of Matter (Nonissuers) GAASP Completeness
Going concern cutOff
Accounting principle change (justified) Valuation, allocation & accuracy
Audit opinion changed due to subsequently Existence/occurrence
discovered facts Rights & obligations
Special Understandability & classification
Purpose framework
Components of IC CRIME Cutoff
Control environment Analytical procedures
Risk assessment Reperformance
Information & communication Reconciliation
Monitoring Observation
Existing controls Tracing

Control activities relevant to the audit PAID Walkthrough

TIPS Auditing related accounts simultaneously
Prenumbering documents Rep letter
Authorization of transactions Subsequent events review
Independent checks
Documentation Chapter 4
Going concern evidence ADMITS
Timely and appropriate financial reporting Analytical procedures
reviews Debt compliance
Information processing controls Minutes
Physical controls for safeguarding assets Inquiry
Segregation of duties Third parties
Subsequent events
Documentation of IC FIND
Flowchart Factors that may indicate substantial doubt
Internal control questionnaire/checklist FINE
Narrative Financial difficulties
Documentation from client Internal matters
Negative trends
Chapter 3 External matters
Hierarchy of audit evidence AEIO
Auditors direct personal knowledge Chapter 5
External evidence Common attestation concepts CAPE CORP
Internal evidence Compliance with attestation standards
Oral evidence Acceptance & continuance
Preconditions
Standard audit procedures C FIVE Engagement documentation
CARROT WARS
Confirmation Change in terms accepted
Other practitioner work can be used
Footing, cross footing & recalculation Responsibility for quality control
Inquiry Professional skepticism & professional
Vouching judgement
Examining/inspecting
Agreed upon procedures conditions I AM
SURE
Independent

Agreement of the parties

Measurability & consistency

Sufficiency of procedures
Use of the report is restricted
Responsibility for subject matter
Engagements to perform agreed upon
procedures for prospective FS

Chapter 6
Understanding clients business STAFF
Staff qualifications
Transaction type & frequency
Accounting basis used to prepare FS
Form of accounting records
Financial statements form and content

Review requirements & interim reviews U

LIAR CPA
Understanding with client

Learn/obtain knowledge of entity’s business

Inquiries should be addressed to
appropriate individuals
Analytical procedures
Review-other procedures

Client rep letter

Professional judgment to evaluate results
Accountant communicates results
Chapter 1 High Level Notes

Independent Audit Functions

● Management: FS and IC
● Auditor: to express opinion
○ Maintain professional skepticism
○ Must have sufficient and appropriate evidence
■ Weak internal controls does not equal adverse opinion; more substantive
testing
Reports
● Nonissuer (private): FS audit only
○ Can audit IC, not required
● Issuer (public): integrated (FS & controls)
○ Express separate opinion on operating effectiveness of IC & FS

Type of opinions
● GAAS issue (scope issue)
○ Qualified: except for *material*
○ Disclaimer: does not express opinion *material & pervasive*
● GAAP issue (presentation/error)
○ Qualified: except for *material*
○ Adverse: do not present fairly *material & pervasive*
● Can always express unmodified/unqualified opinion or withdraw
● Unmodified: non issuers
● Unqualified: issuers

Nonissuer Report
● Title: “Independent Auditors Report”
● Addressee
● Intro: modified for disclaimer (“we were engaged”)
○ Must include identification of FS audited and period of FS
● Management responsibility
● Auditor responsibility: “Auditor believes that the evidence obtained is sufficient and
appropriate to provide a basis for the _________ audit opinion” **only state if unmodified
opinion**
● Basis for ____ Opinion: *not included if unmodified*
● Opinion: If modified, would state the type of opinion in title of paragraph
● Emphasis of matter: emphasize what is in FS
● Other matter: brings attention to what is not in FS
● Signature and location
● Date
Issuer Report
● Title: “Report of Independent Registered Public Accounting Firm
● Addressee
● Opinion on FS: if modified state “discussed in the following paragraph”
○ Includes what FS are audited and periods covered by FS
● Explanatory paragraph: only needed if modified opinion *no title*
○ Explains why opinion was modified
● Basis for opinion: if disclaimer must say “basis for disclaimer of opinion”
○ 1st paragraph: covers management and auditors responsibilities
○ 2nd paragraph: state audit was conducted in accordance with PCAOB and that
the audit provides a reasonable basis for opinion
● CAMs: not included if adverse or disclaimer
● Signature, tenure, location
● Date

CAMs
● If none, must state that
● Matters communicated to audit committee that are:
○ Material
○ Challenging, subjective or complex judgment
● IPAD
○ Identification of CAM
○ Principal considerations that led to determination of CAM
○ Addressed in audit
○ Disclosures/account reference
● Not required if adverse/disclaimer opinion

Nonissuer Extra Paragraphs

● Emphasis of matter: appropriately presented/disclosed; explains items presented in FS
*immediately after opinion*
○ Required (GAASP)
■ Going concern
■ Accounting principle justified change
■ Audit opinion changed (subsequent event)
■ Special
■ Purpose framework
○ May be required
■ Litigation uncertainty
■ Major catastrophe
■ Significant related party transactions
■ Unusually important subsequent events
● Other matters: matters other than those presented in FS *immediately after E of M*
○ Required
 ■ Restricted use
■ Change in audit opinion (can be E of M or OM)
■ FS by predecessor not reissued
■ Comparative FS; prior period not audited, reviewed or compiled
■ Material inconsistency in other information
■ Report on supplementary information
■ Refer to required supplementary information
■ Restrict use when special purpose FS in accordance with
contractual/regulatory basis (except when intended for general use)
■ Report on compliance
○ May be necessary
■ Describe why auditor cannot withdraw
■ Further explain auditor responsibilities
■ Sets of FS prepared in accordance with different general purpose
framework

Issuer Extra Paragraph

● Explanatory paragraph (with title) required:
○ Going concern
○ Material change in accounting principle
○ Change in reporting entity
○ Change in investee
○ Previous material misstatement corrected
○ Other information materially inconsistent
○ Supplementary information omitted; departs materially; auditor unable to
complete prescribed procedures
● Explanatory paragraph (without title) required:
○ Prior year report not presented
○ Prior year opinion updated
○ Management required to report on IC over financial reporting, report not required
to be audited

Change in Opinion
● Disclose - DORCS
○ Date of previous report
○ Opinion originally stated
○ Reason for original opinion
○ Changes that have occurred
○ Statement that “opinion...is different”

Report Presented Predecessor Auditor

● Prior CPA should
 ○ Read current statements
○ Compare previous with current statement
○ Obtain letter of rep from successor auditor
○ Inquire and obtain letter of rep from management
● Date the report
○ Unrevised: original date
○ Revised: dual date

Report Not Presented Predecessor Auditor

● Current CPA should state
○ Prior period FS audited by predecessor auditor
○ Type of opinion
○ Nature of E of M, other matter, explanatory paragraphs included in old report
○ Date of old report

Component Auditor
● Group engagement team must understand
○ If component auditor is independent
○ Competence
○ Extent of work for component auditor
● Make no reference: group engagement partner assumes responsibility
● Make reference: explain what was audited by component auditor
○ Component report cannot be restricted use
○ If unable to evaluate work/independence

Single Statement Audits

● Auditor should understand
○ Purpose for which FS are prepared
○ Intended users
○ Steps taken by management to determine financial reporting framework is
acceptable
● Perform procedures on interrelated items
○ Sales and receivables
○ Inventory and payables
○ Fixed assets and depreciation
● If reporting on stockholders equity
○ Perform procedures to express opinion on financial position
● If reporting on net income
○ Perform procedures to express opinion on financial position and results of
operations
Piecemeal Opinion
● Adverse/disclaimer of opinion on complete set of FS can still give unmodified opinion on
specific element if:
○ Opinion on element is not published and does not accompany FS opinion
○ Specific element does not constitute major portion of entity’s FS

Subsequent Events
● Recognized
○ Adjusting journal entry; provides additional information about conditions that
existed at BS date
● Nonrecognized
○ Footnote disclosure; events that occurred after BS date and did not exist at BS
date
● Subsequent period
○ Public: through date FS are issued
○ All others: through date FS are available to be issued
● Procedures- PRIME
○ Post BS transactions
○ Rep letter
○ Inquiry
○ Minutes
○ Examine

Dual Dating
● Keep original report date for everything except particular subsequent event
● Can use later date for original report; will broaden responsibility for all subsequent
events

Changes in Audit Report

● Refusal by client- DAR
○ Disassociate
○ Alert agencies
○ Relying parties
● FS can no longer be relied upon

Other Information
● Auditor generally not responsible for determining if properly stated; must still read
● If other information is materially inconsistent, may require revision
○ If management refuses to revise, modify opinion or withdraw
○ Inform those charged with governance

Supplementary Information
● Only required if engaged to audit supplementary information
 ● FS must have been audited and cannot have adverse or disclaimer of opinion
● Evaluate presentation
● Report on whether supplementary information is fairly stated *opinion is issued*
● Must obtain written rep form management regarding information
● Location in auditors report
○ Nonissuers: other matter paragraph or separate report (must be referenced)
○ Issuers: explanatory paragraph or separate report (must be referenced)

Required Supplementary Information

● Limited procedures
○ Inquire of management
○ Determine if information is consistent with management response
○ Written management representations
● Reporting
○ Private: other matter paragraph stating the following, if applicable
■ Required supplementary information is included and limited procedures
were performed
■ Required supplementary information omitted
■ Some information is missing, some is presented
■ Identified material departures
■ Not able to complete required procedures
■ Unresolved doubts
○ Public: explanatory paragraph for the following, if applicable
■ Required information omitted
■ Material departures form guidelines
■ Unable to complete procedures
■ Unresolved doubts

Special Purpose Frameworks

● Examples
○ Cash
○ Tax
○ Regulatory
○ Contractual
○ Other
● Cannot use GAAP terms
● In emphasis of matter paragraph
○ Indicate special purpose framework
○ Refer to note in FS describing framework
○ State that framework is basis other than GAAP
● Regulatory and contractual are restricted use
● Specify framework in opinion paragraph
● Do not have to quantify difference between special purpose FW and GAAP
Other Country Framework
● For use only outside the USA
○ Report using other country report or report set out in ISA, or
○ US form of report
● For use in USA
○ Report using US form with emphasis of matter paragraph

Reporting Accountant
● Not required to be independent, must disclose if not
● Not continuing accountant
● Report issued must be restricted use for only
○ Management
○ Board of directors
○ Prior/current auditor

Chapter 2 High Level Notes

Quality Control
● AICPA: auditing firms must have system of quality control
● Elements: HELP ME
○ Human resources
■ Recruitment & hiring; assigning personnel; performance evaluation;
compensation; advancement
○ Engagement & client acceptance and continuance
■ Deciding whether to accept/continue client relationships; have policies for
withdraw; minimize likelihood of associating with client who lacks integrity
○ Leadership
■ Leadership bears ultimate responsibility for quality control system; tone @
top
○ Performance
■ Ensure engagement is appropriate and sufficient and work is properly
approved; allow consultation with experts on complex/unusual
transactions
○ Monitoring
■ Ongoing consideration and evaluation of design and effectiveness of
quality control; partner bears responsibility for this
○ Ethical requirements
■ At least annually, should confirm independence in writing, maintains
public confidence in profession
● Also affected by
○ Firm size, cost-benefit, nature and complexity of practice
 ● GAAS relates to individual audits, quality control relates to all professional activities of
the firm
○ Failed quality control DOES NOT equal failed GAAS

Review
● Engagement partner should review:
○ Critical areas of judgment
○ Significant risks (will always include management override and revenue
recognition)
● Documentation
○ Who performed the work
○ Who reviewed the work and date

Documentation
● Support auditor's opinion; not clients FS
○ Documents that audit was conducted in accordance with GAAS
● Audit documentation should:
○ Cover planning, conduction and supervision of the audit
○ Show accounting records reconcile to FS
○ Have enough detail for “experienced auditor” to understand:
■ NET of procedures
■ Results of procedures
■ Findings/issues
■ Conclusions
○ Show who performed the work and date completed
● Tickmarks are often used to explain work that was performed

Retention
● Report release date = auditor grants permission to use report
○ Should not be sooner than the date that appropriate sufficient audit evidence is
obtained
● Keep records
○ SAS (Nonissuers) → 5 years
○ PCAOB (Issuers) → 7 years
● Documentation must be completed within
○ SAS → 60 days
○ PCAOB → 45 days
○ ** cannot remove information, only add to it

Files
● Permanent: carry forward year to year
○ Includes: contracts, pension plans, leases, stock options, bylaws, articles of
incorporation, minutes, bond indentures
 ● Current: this year only
○ Includes: audit plan, FS & audit report, TB & AJE, confirmations, copies of
entity’s documents, summary of significant audit findings, records of tests of
controls & substantive testing

Significant Audit Findings

● Selection and application of accounting policies
● Give rise to significant risk
● Related to possible material misstatements
● Cause significant deficiencies

SOX & Audit Committee

● Select and appoint external auditor
● Auditor reports to and is overseen by audit committee

Client Acceptance
● Consider
○ Ability to meet deadlines
○ Ability to staff engagement
○ Independence
○ Integrity of client management

Management Responsibilities
● Responsible for FS and IC
○ Acknowledge this in engagement letter & also stated in report
● Provide auditor access to all information and people
● Auditor should not accept if management imposes scope limitations
○ Includes lack of records

Engagement Letter
● Reduced risk of uncertainty
● Required under PCAOB
● Addresses limitations of engagement
● Identification of reporting FW
● Management acknowledges their responsibility
● Does not include specific audit procedures
● PCAOB: letter also provided to audit committee for their acceptance

Initial Engagement
● Client must give permission for auditor to discuss with prior CPA
○ If do not = withdraw
● Ask prior CPA
○ Management integrity
 ○ Disagreements with management
○ Their understanding of why there was a change in auditor
○ Any communication about fraud/noncompliance

Change in Engagement
● From audit to review or compilation
● Acceptable reasons
○ Change in client requirements
○ Misunderstanding about nature of services
● Unacceptable reasons
○ Engagement would uncover fraud/error
○ Client attempting to create misleading/deceptive FS
○ Client refuses to allow correspondence with legal counsel
○ Client refuses to provide signed rep letter

Knowledge of Client Industry

● Common sources
○ AICPA accounting and auditing guides
○ Trade publications and professional trade associations
○ Government publications
○ AICPA accounting trends and techniques

Knowledge of Client Business

● Common sources
○ Tour client facility
○ Review financial history
○ Obtain understanding of client accounting
○ Inquire of client personnel

Audit Strategy
● More general guidelines
● Plan regarding NET/includes preliminary assessment of materiality
● Required to communicate planned scope and timing of audit with those charged with
governance

Audit Plan
● Can change during an audit
● Written audit plan REQUIRED
● Based on audit strategy, outlines NET of specific procedures to be performed

Audit Procedures
● Risk assessment → required in all audits
● Test of controls → tests of internal controls
 ○ Required for issuers, not for nonissuers
● Substantive tests → tests account balances

Assertions
● COVERU
● Transactions and events
○ Completeness
○ Cutoff
○ Accuracy
○ Valuation
○ Classification
● Account balances
○ Completeness
○ Allocation/valuation
○ Rights & obligations
○ Existence
● Presentation & disclosures
○ Completeness
○ Understandability and classification
○ Rights and obligations
○ Valuation and accuracy

Internal Audit
● Not independent
● Can aid in understanding of IC, assessing risk and performing substantive tests
● Responsibility stays with external auditor
● Cannot provide assistance with assessing RMM, determining if sufficient appropriate
evidence has been obtained, setting materiality, determining opinion that should be
issued, etc.
● Consider:
○ Competence: education level, professional certification, experience, quality of
audit documentation
○ Objectivity: level auditor reports, policies prohibiting audits of areas where
internal audit is not independent
○ Application of systematic & disciplined approach: existence and adequacy and
use of documented internal audit procedures

Specialists
● Can use auditor or client specialist
● Must evaluate competence and adequacy of work and objectivity
● Do not refer to specialist in report unless their findings suggest a qualified or adverse
opinion
Materiality
● Amount of error that would affect the judgment of a reasonable person
● FS as a whole
○ Can also have materiality for transactions, account balances or disclosure if
necessary
● Use smallest level of misstatement that could be material to any one FS
● Performance materiality
○ Less than total materiality
● Tolerable misstatement
○ Maximum error in population auditor will accept for specific procedure
● Revising materiality changes NET

Risk Assessment Procedures

● Can provide tests of details and substantive tests at the same time
● Understand entity/environment
● Understand IC
● Inquire with audit committee and management
● Analytical procedures
○ Required in planning and final review
● Discussion with engagement team

Understanding entity
● Document key elements
○ Is environment competitive?
○ What is regulatory environment like?
○ How does management determine estimates?
○ Is compensation based on performance?

Audit Data Analytics (ADAs)

● Analyze patterns, identify anomalies, & extract other useful information
● Steps
○ Plan ADA
○ Access and prepare data
○ Consider relevance and reliability of data
○ Perform ADA
○ Evaluate results/conclude
● Helps identify notable items
○ Previously unidentified risks
○ Modify/support RMM
○ Provide auditor with information to better plan audit

Internal Control
● CRIME
 ○ Must have understanding of each element
● Control environment
○ Tone at top
○ Communication and enforcement of integrity and ethical values
○ Commitment to competence
○ Participation of those charged with governance
○ Management philosophy and operating style
○ Organizational structure
○ Assignment of authority, responsibility and accountability
○ HR policies
● Risk assessment
○ Done by management
○ Identify likely areas of: lying, cheating, stealing
● Information/communication
○ Account processing from initiation to inclusion in FS
○ Initiating, authorizing, recording, processing and reporting transactions
○ Development of significant estimates
● Monitoring
○ Establishing and maintaining IC is the responsibility of management
● Existing control activities
○ Help ensure necessary steps to address risk are taken
■ Relevant to audit → PAID TIPS

Consideration of Internal Control

● 5 components of IC apply to all audits
● Identify preventative and detective controls
● Evaluate design: capable of preventing/detecting misstatements
● Evaluate implementation: present & functioning
● Limitation: management override, collusion and human error

Procedures for IC
● Inquiry (alone is not enough)
● Observation
● Inspect documents
● Walkthrough

Document IC
● Required to document understanding
● Can use FIND

IT
● Manual controls: large, unusual, nonrecurring transactions
● Automated controls: high volume, recurring
 ● General controls: relate to many applications
● Application controls: apply to processing of individual transactions
● Enhanced segregation of duties
○ Control group
○ Operators
○ Programers
○ Analysts
○ Librarian
● Risk: garbage in → garbage out

IT for Evidence Gathering

● Auditing around the computer (manual)
○ Tests input data, processes data independently and compares results
○ Appropriate for small batch systems
● Auditing through the computer (Computer Assisted Audit Techniques [CAATs])
○ Includes
■ Transaction tagging
● Electronically mark specific transactions and follow through clients
system
■ Embedded audit modules
● Examine all transactions over $
■ Test data
● Clients system, auditors data, offline
● Test invalid #, excess $, excess hours
■ Integrated test facility
● Test data mixed with live data, online, client unaware of test
■ Parallel simulation
● Auditor reprocesses clients live data and compares results

Generalized Audit Software Packages (GASP)

● Auditor can perform test of controls and substantive tests on clients system
● Requires little technical knowledge

Chapter 3 High Level Notes

Fraud
● Fraud: intentional
● Types:
○ Fraudulent financial reporting (lying)
■ Intentional misstatement or omission
○ Misappropriation of assets (stealing)
■ Theft of assets
○ Corruption (cheating)
 ● Fraud triangle
○ Incentive
○ Opportunity
○ Rationalization
● Only reasonable assurance is provided over identification of fraud
○ Auditors responsibility to design an audit for this
● Must discuss fraud risk with key members of the team
● Documentation required for risk assessment and response
○ Includes assessment of RMM at FS level and assertion level

Obtaining Information About Fraud Risk

● Inquire of management regarding views of fraud risk
● Consider results of analytical procedures
● Evaluate fraud risk factors

Responding to Risk
● Three levels
○ Level 1: Overall, general response
■ Considered when planning the audit
○ Level 2: Response encompassing specific audit procedures
■ NET
○ Level 3: Response addressing risks related to management override

Communication Regarding Fraud

● Any indication of fraud (even if immaterial) should be discussed with management at
least one level above
● Fraud that causes material misstatement → report directly to those charged with
governance
● Fraud involving senior management → report directly to those charged with governance

Audit Risk
● Auditor fails to modify report appropriately
● AR = RMM * DR
○ RMM = IR * CR
● Inherent risk **auditor cannot control**
○ Susceptibility of assertion to be materially misstated, assuming no controls in
place
■ High IR → high-volume transactions, cash, complex calculations,
estimates
● Control risk **auditor cannot control**
○ Material misstatement would not be prevented or detected and corrected in a
timely basis given the clients controls
 ■ High CR → no effective controls, not operating effectively, not be efficient
to test operating effectiveness
● Detection risk **auditor can control**
○ Risk that auditor will not detect material misstatement
○ Inverse relationship between RMM and DR
○ As DR decreases, substantive testing should increase (inversely related)
■ Change procedures to be more efficient → nature
■ Larger sample size → extent
■ Change testing to year end → timing

Misstatements
● Types
○ Factual misstatement: no doubt
○ Judgmental misstatement: differences concerning estimates that the auditor
considers unreasonable
○ Projected misstatement: best estimate of misstatements in population
● Harder to detect small misstatements

Audit Approach
● Substantive
○ Only substantive tests
○ Done if no effective controls, implemented controls are ineffective, would not be
efficient to test operating effectiveness of controls
● Combined
○ Substantive procedures and tests of controls
○ Tests of controls must be performed in current period
● Dual purpose test
○ Test of controls performed while performing test of detail

Controls
● Auditor required to have understanding of design and implementation of IC
○ Not required to evaluate operating effectiveness
● Must be designed effectively and operating
● Quality of evidence
○ Reperformance
○ Inspection
○ Observation
○ Inquiry

Evidence Obtained in Previous Audits

● Can use prior evidence on controls operating effectiveness as long as changes have not
been made
 ○ Must still be tested every 3 years
○ Cannot rely on previous audits for controls that address significant risks

Substantive Procedures
● Required for each material transaction class, account balance or disclosure
● Substantive test that does not indicate deficiencies, does not mean there are none

Noncompliance
● Management's responsibility
● Auditor cannot be expected to detect all noncompliance
● Auditor should obtain understanding of
○ Legal regulatory framework for entity
○ How entity is complying with that framework
● If identified, discuss with management at least one level above
○ If material and and intentional, communicate to those charged with governance
ASAP
○ Usually auditor does not have a responsibility to disclose noncompliance to
parties other than management and those charged with governance
● Opinion
○ Material effect that has not been adequately reflected in FS → qualified or
adverse
○ Unable to obtain sufficient appropriate evidence → qualified or disclaimer
○ Client refusal to accept modified report → withdraw

Accounting Estimates
● Possible management bias does not constitute a misstatement
● Low estimation uncertainty → less pervasive evidence needed
● High estimation uncertainty → more pervasive evidence needed

Related Party Transactions

● Must be disclosed
● Auditor is concerned with making sure they are properly accounted for and disclosed

Audit Evidence
● Accounting records
○ Invoices, contracts, ledgers, journal entries and worksheets
● Corroboration evidence
○ Minutes, confirmation, industry analysts reports, data about competitors,
information obtained through observation, inquiry and inspection
● Must persuade auditor
○ Must evaluate all evidence even if doesn't agree with clients statement
● Quality of audit evidence
 ○ Auditors direct personal knowledge
○ External evidence
○ Internal evidence
○ Oral evidence

Procedures to Obtain Evidence

● C FIVE CARROT WARS
● Accounts with high turnover → concentrate on ending balance
● Accounts with few transactions → concentrate on details of transactions
● Revenues mainly concerned with existence
● Expenses mainly concerned with completeness
● Assertions matched to audit procedures
○ Completeness
■ Tracing, analytical review, observation
○ Cutoff
■ Cutoff procedures
○ Valuation, allocation and accuracy
■ Inspection, footing, independence and recalculation, reconciliation
○ Existence and occurrence
■ Confirmation, observation, inspection, examination, vouching
○ Rights and obligations
■ Inspection
○ Understandability and classification
■ Inception, review, inquiry of management

Analytical Procedures
● Document
○ Auditors expectation
○ Factors considered in development of expectation
○ Results of comparison of expectation to recorded amounts
○ Additional audit procedures performed in response to significant unexplained
differences

Vouching vs Tracing
● Tracing
○ Source documents → financial statements
○ Evidence of completeness
● Vouching
○ FS → source documents
○ Evidence of existence

Confirmations
● Oral evidence is not a confirmation
 ● If received electronically or faxes, verify by calling
● Do not provide evidence about valuation or completeness
● Should be sent to all banks the client did business with during the year, even if no year
end balance
● Positive confirmation
○ Agree or disagree with information
● Negative confirmation
○ Respond only if party disagrees with information
● Blank confirmation
○ Must fill in amount
○ Higher quality of information but lower response rate

Ratios
● Liquidity
○ Measures of short term ability to pay maturing obligations
● Activity
○ Measures of how effectively an enterprise is using its assets
● Profitability
○ Measure financial performance of an enterprise for a given period of time
● Investor
○ Measures that are of interest to investors
● Long-term debt-paying ability (coverage)
○ Measures of security for long term creditors/investors
● ** don't focus on memorizing formulas, they should be given if required for simulation **

Selecting Items for Sampling

● All items may be selected if population is made of a small number of high-dollar value
items
● If specific items are selected, results cannot be projected onto entire population
● Sampling risk: risk that sample will not be representative of population
○ Incorrect acceptance: sample supports conclusion that account balance is not
materially misstated when it is in fact
■ Affects effectiveness
○ Incorrect rejection: sample supports conclusion that account balance is materially
misstated when it is not
■ Affects efficiency
● Nonsampling risk: audit risk not due to sampling
○ Selecting inappropriate audit procedures, failure to identify misstatements
● Stratification: separate into relatively homogeneous groups, results in reduced sample
size
Sampling Methods
● Statistical sampling: specify the sampling risk auditor is willing to accept, then calculate
sample size
○ Does not eliminate auditor judgment
● Nonstatistical sampling: auditor uses judgment to determine sampling size
● Attribute sampling: for internal controls; usually yes or no
○ Risk of assessing control risk too low: assessed level of control risk based on
sample is less than the true risk (overreliance)
■ Affects effectiveness
○ Risk of assessing control risk too high: assessed level of control risk based on
sample is greater than the true risk (underrelaince)
■ Affects efficiency
● Variables sampling and PPS: used for substantive testing
○ Variables sampling: obtains evidence about the reasonableness of monetary
amounts
● Discovery sampling: used when the auditor believes population deviation rate is zero or
near zero

Attribute Sampling Steps

● Define objective
● Define population
● Define sampling unit
● Define attributes of interest
● Determine sample size
○ Inverse relationship to: risk of assessing control risk too low and tolerable
deviation rate
○ Direct relationship: expected deviation rate
○ Not affected by population size if over 5,000
● Select sample
○ Block sampling not acceptable
● Evaluate sample results
○ Sample deviation rate + allowance for sampling risk = upper deviation rate
● Form conclusion
○ If upper deviation is less than or equal to auditors tolerable deviation rate, may
rely on control
○ If upper deviation rate exceeds tolerable deviation rate, auditor many not rely on
control
● Document sampling procedure

Types of Variable Sampling

● Mean-per-unit
○ Estimate = average sample value * number of items in population
● Ratio estimation
 ○ (Audited value / book value) * total value of population
● Difference estimation
○ (book value - audited value) / sample size * number of items in population

Variable Sampling Steps

● Define objective
● Define population
● Determine sample size
○ Direct relationship: expected misstatement, standard deviation, assessed level of
risk
○ Inverse relationship: tolerable misstatement, acceptable level of risk
● Select the sample
● Evaluate sample results
● Form conclusions
● Document sampling procedure
● Additional considerations if using ADAs

PPS Sampling
● Change of item being selected is proportionate to dollar amount
● Zero, negative, and understanded balances require special consideration
● Sampling interval
○ Tolerable misstatement / reliability factor
● Sample size
○ Recorded amount of population / sampling interval

Chapter 4 High Level Notes

Revenue Cycle
● Sales
○ Segregation of the following duties
■ Preparation of sales order
■ Credit approval
■ Shipment
■ Billing
■ Accounting
● Accounts receivable
○ Segregation of the following duties
■ Sales
■ Collection of cash
■ Uncollectible receivables
■ Sales returns
■ Sales discounts
● Cash
 ○ Opened by someone who does not have access to accounts receivable ledger
○ Receipts sent to
■ Cashier
■ Accounts receivable department
■ Accounting department

Expenditure Cycle
● 3 functions should be segregated
○ Purchase requisition
■ Cannot place order
○ Purchase order
○ Receipt of goods (should not include purchased amounts)
● Accounting department
○ Obtain receiving report
○ Recording payable
■ Receiving report compared to purchase order and vendor invoice
○ Approving invoice for payment and recording amount
● Cash disbursements
○ Approving payment and signing check should be segregated

Cash Cycle
● Lapping: failing to account for cash receipts
● Kiting: cash simultaneously reflected in two bank accounts

Inventory Cycle
● Following should be segregated
○ Purchasing
○ Receiving
○ Warehouse
○ Shipping

Investment Cycle
● Segregation of the following
○ Authorization of purchases
○ Custody of investments
○ Record keeping
● Fair value measurements **in order from least to most disclosures
○ Level 1: quoted prices in active markets for identical assets
○ Level 2: other than quoted prices for identical assets
○ Level 3: estimates and valuations
Payroll Cycle
● Segregation of duties for
○ Authorization to employ and pay
○ Supervision
○ Timekeeping and cost accounting
○ Payroll check preparation
○ Check distribution

Financing Cycle
● Evidence related to equity → board minutes
● Evidence related to debt → documents

Other Matters
● Auditor must evaluate opening balances and determine if they are materially misstated
● Send letter of inquiry to attorney to determine if management has correctly accrued all
litigation and claims
○ Managements responsibility to disclose any legal matters
● Going concern
○ ADMITS and FINE
○ Must include “going concern” and “substantial doubt” in emphasis of matter
paragraph
○ Can diclaim opinion
● Estimate audit procedures
○ Review procedures used by management to determine estimated
○ Develop independent estimate
○ Review subsequent events and transactions that corroborate the value

Management Bias
● Selective correction of misstatements
● The identification of additional adjusting entries that offset misstatements accumulated
by the auditor
● Bias in selection and application of accounting principles
● Bias in accounting estimates

Management Representation Letter

● Auditor prepares, signed by client
● Final piece of evidence
● Mandatory
○ If do not provide, disclaimer or withdraw
● Dated same date as auditors report
● Signed by CEO and CFO
 ● If performing integrated audit, additional representation should be obtained regarding
management's responsibilities for IC
● Contents
○ Management is responsible for
■ Fair presentation of FS
■ Design and implementation of IC
■ Providing all information to the auditor
■ Disclosing known or suspected fraud to auditor
■ Disclosing known or suspected noncompliance
■ Uncorrected misstatements would not make the FS misleading (summary
of misstatements included)
■ Disclosing known actual or possible litigation to auditor
■ Making reasonable estimates
■ Identifying and properly disclosing related party transactions
■ Making AJE for subsequent events

Audit Committee
● 3 to 5 members
● Not employees, no material financial interest
● Functions
○ Select and appoint independent auditor
○ Assures auditor is independent
○ Reviews nature and details of engagement
○ Reviews quality of auditors work
○ Reviews scope of audit
○ Ensures recommendations from auditor are given proper attention
○ Maintains communication between auditor and board of directors
○ Helps solve disagreements
○ Evaluates IC of company
○ Makes resorts to board of directors and stockholders when necessary
● Auditor should communicate disagreements with management, regardless of whether
they were resolved
● Communication can be oral or written
○ If written, must be restricted use
○ Issuers → communication made before issuance

Types of Control Deficiencies

● Material weakness: reasonable possibility that material misstatements of entities FS will
not be prevented or detected and corrected
○ Indicators:
■ Fraud perpetrated by senior management
■ Restatement of previously issued FS to correct material misstatement
 ■ Identification of material misstatement that would not have been detected
by IC
■ Ineffective oversight by those charged with governance
● Significant deficiencies: less severe than material weakness, important enough to merit
attention by those charged with governance
● Both can still exist even if material misstatements were not identified

Chapter 5 High Level Notes

Top Down Approach

● Evaluate FS risks
● Consider controls at entity level
● Focus on specific accounts and transactions with reasonable possibility of material
misstatement

Nonissuers Communication of Control Deficiencies

● FS audit
○ Significant deficiencies and material weaknesses within 60 days of report release
○ In writing, to management
○ Not required to look for them but cannot be ignored if they come to auditors
attention
● IC audit
○ Communicate by report release date
○ Written communication with management and those charged with governance
■ Includes corrected and uncorrected deficiencies
○ Also must provide written communication to management regarding any other
deficiencies within 60 days of report release
■ Inform those charged with governance that communication was made

Issuers Communication of Control Deficiencies

● Material weakness
○ In writing to management and audit committee
○ Made prior to issuance of report
● Significant deficiencies
○ Communicated to audit committee in writing
● All other control deficiencies
○ In writing to management
○ Inform audit committee that communication has been made

Inherent Limitations Paragraph (Issuers and Nonissuers)

● IC may not prevent or detect and correct misstatements
● Projections of assessment subject to risk that controls become inadequate
IC Report
● May be two separate reports or combined report
○ If separate, must reference that in the report
● No qualified opinion for internal control
○ If material weakness identified, adverse opinion
○ If scope limitation, disclaimer or withdraw

Attestation Engagements
● Follow Standards for Attestation Engagements (SSAE)
● Include
○ Agreed upon procedures
○ Financial forecasts and projections
○ Pro forma FS
○ Compliance
○ MD & A
○ Reporting on controls at service organization
● No reference to historical FS or GAAP
● Must be independent
● Common concepts → CAPE CORP
● Can provide 3 conclusions issued
○ Examination
■ Positive opinion; high level of assurance
■ **most like FS audit opinion
○ Review
■ Conclusion; moderate level of assurance
■ Negative assurance → “we are not aware of any material modifications
that should be made in order for ____ to be presented fairly”
○ Agreed upon procedures → I AM SURE
■ No assurance, procedures and findings are listed
■ Restricted use

Prospective FS
● Financial forecast: expected conditions; general or restricted use
● Financial projection: hypothetical conditions; restricted use only
● Engagement types
○ Preparation (SSARS)
○ Compilation (SSARS)
○ Examination (SSAE) → provides opinion
○ Agreed upon procedures (SSAE)
○ **Reviews are not allowed

Pro Forma FS
● Hypothetical events on historical FS
 ● Engagement types
○ Examination
○ Review
○ Can restrict use on either
● Make reference to historical FS and state whether they were audited or reviewed

Service Organization Reports

● Type 1 report
○ Report on design and implementation of service organizations controls
○ Provides auditor with understanding of controls
○ Cannot reduce control risk
● Type 2 report
○ Report on design, implementation and operating effectiveness of IC
○ Provides the auditor with assurance about service organization controls
○ Allows for reduction in control risk
● No reference to service auditor if unmodified opinion

Compliance Reports in Connection with Audited FS

● Must have audited financial statements and can only provide negative assurance if the
following are met
○ No identification of noncompliance
○ Unmodified or unqualified opinion on FS
○ Applicable covenants & regulatory requirements have been subject to audit
during FS audit
● Report can be issued as separate report of part of auditors report
○ Separate report must be restricted use
○ If part of auditors report, the entire report becomes restricted use
■ Report on compliance would be in other matter paragraph

Compliance Attestation
● Agreed upon procedures
○ Present specific findings to assist users in evaluating entity’s compliance with
specified requirements
○ Same elements as standard agreed upon procedures report
■ Must still be restricted use
● Examination
○ Examine entity’s compliance with requirements
○ Same elements as standard examination
■ Does not have to be restricted use
■ Provides opinion

Government Auditing Standards

● Unconditional requirements = must
 ● Presumptively mandatory = should
● Types
○ Financial audits
■ Incorporate GAAS; determine if FS present fairly in accordance with
GAAP or special purpose framework (OCBOA)
○ Attestation engagements
■ Follow attestation standards
○ Performance audits
■ Objectively present findings to assist management with decision making
● Key categories
○ Effectiveness, economy and efficiency → are programs
meeting goals? Cost and resources used?
○ Internal control → organizational goals are achieved
effectively and efficiently? IT security effective?
○ Compliance → compliance criteria has been met?
○ Prospective analysis → evaluate information based on
hypothetical future events and possible actions that could
be taken

GAGAS: Performing Financial Audits

● Evaluate if corrective action has been taken to address findings in previous audits
● Special consideration given to fraud and noncompliance
● Developing a finding
○ Criteria → laws or regulations
○ Condition → situation that exists
○ Cause → reason for the condition or deviation from criteria
○ Effect or potential effect → clear logical link between condition and deviation from
criteria
● Audit documentation of work performed
● Auditor communication to relevant parties
● Auditor’s responsibility paragraph should state that the audit was conducted in
accordance with GAAS and Government Auditing Standards
● Other matter paragraph should be added to end of report referencing GAGAS (Yellow
Book) report

GAGAS: Reporting on Financial Audits

● No opinion issued on IC
● Negative assurance issued on compliance → nothing came to auditors attention
● If report contains confidential information
○ May issue two separate reports → one with confidential information and one
without
○ If excluding confidential information altogether, must report on the exclusion of
info and state the reason for the omission
 ■ Auditor should evaluate if exclusion of information will cause results to be
distorted

Governmental Audit Report on Internal Controls

● Includes
○ Assertion that evaluating compliance with laws with a direct and material effect
on FS is part of developing opinion on FS
○ Assertion that specific controls relating to financial reporting are considered
○ Indication that either no weaknesses were found or that significant deficiencies
were found and whether they were material

Single Audits
● Expends $750,000 or more of federal assistance in a fiscal year
● Objectives
○ Separate schedule of expenditures of federal awards
○ Compliance audits of federal awards
● Materiality determined separately for each major program
○ Major program → $750,000 in assistance expensed or classified as “high risk”
● Must contact Inspector General & obtain current program specific audit guide
● Auditor must be selected through procurement (best bid wins)
● Report must be submitted by earlier of
○ 30 days after receipt of audit report or
○ 9 months after end of audit period
● Express opinion regarding compliance related to federal awards
● 5 reports that are issued for single audits
○ Financial statement report (GAAS)
○ SEFA Report in relation to FS *express opinion on fair presentation of*
○ GAGAS (Yellow Book Report) → IC over financial reporting and compliance
○ Single Audit Report → compliance for each major program
○ Schedule of Findings and Questioned Costs
● Must report on
○ Significant deficiencies and material weaknesses in IC over major programs
○ Material noncompliance
○ Questioned costs in excess of $25,000
● Major program determination
○ Type A: over $750,000
■ Break into high and low risk
○ Type B: all others
■ Break into high and low risk
○ Includes all Type A not identified as low risk and all Type B identified as high risk
○ If low risk client → must test at least 20% of total federal awards expended
○ If high risk client → must test 40% of total federal awards expended
Chapter 6 High Level Notes

Services for Unaudited FS (SSARS)

● Preparation: independence not required; no assurance
● Compilation: state whether independent; no assurance
● Review: must be independent
● Must be able to justify departures from SSARS
● Do not apply to interim FS for nonissuers whose annual FS are audited
● If accountant becomes aware of fraud or noncompliance, this should be communicated
to appropriate level of management

Elements of SSARS Engagements

● 3 party relationship
○ Management
○ Accountant
○ Intended users → auditor not responsible for identifying them
● Require written agreement with management
● FS prepared in accordance with special purpose framework are not appropriate unless:
○ Description of framework and description of material difference from GAAP
○ Disclosures similar to GAAP

Subsequent Events SSARS

● Accountant not responsible for providing review procedures after date of review report; if
information becomes known, accountant should:
○ Discuss with management
○ Determine if FS need revision
● Material information becomes known after issuance
○ Immediately disclose information and impact to people relying (management's
responsibility)
○ Determine if FS need revision
● Client refuses to make changes
○ Disassociate
○ Agencies
○ Related parties

Preparation Engagements (SSARS)

● Engagement letter required
● Must have understanding of framework used
● Each page of FS says “no assurance provided” or disclaimer provided on FS
● No report issued
● Does not have to include accountant/firm name
● If using special purpose framework, description should be on face of FS
● Not required to inquire or perform other procedures
 ● If information is incorrect, obtain additional information from client; if FS are prepared
with known departures, must disclose the material misstatements
● Can prepare FS that omit disclosures if
○ Accountant discloses omission
○ Omission not intended to mislead users
● Limited disclosures
○ “Selected information - substantially all disclosures required by [financial
reporting framework] are not included”

Compilation
● No assurance; assist management in presentation of FS
● Must have engagement letter
● Must have understanding of clients business
○ STAFF
● Looking for math errors and mistakes related to applicable reporting framework
● If accountant becomes aware of incomplete/inaccurate information and client refuses to
change = WITHDRAW
● Also withdraw if scope limitation
● Each page marked “see accountant's compilation report”
● Can compile FS that omit disclosures if
○ Accountant discloses omission
○ Omission not intended to mislead users
● Must disclose if not independent
○ Permitted, not required, to disclose reasons
● Report issued

Review Engagements
● Limited assurance
● Not required to obtain understanding of IC and assess risk
● Must be independent
● Requirements
○ U LIAR CPA
● Not required to test IC, perform audit tests, assess fraud risk or communicate with
predecessor accountant
● Documentation does not include testwork → no testing is done
● Issues report
○ Must include “independent” in title
○ Provides negative assurance
● Each page of FS say “see independent accountants review report”

Review Reports
● Prepared under regulatory or contractual basis = restrict use
● Known departures paragraph immediately follows accountants conclusion paragraph
 ● Going concern remains: emphasis of matter paragraph including “substantial doubt” and
“going concern”
● Reports on compiled FS must include same disclosures
○ One contains disclosures and one omits them = no report issued
● Unaudited FS presented with audited FS must be clearly marked and either:
○ Reissue prior period report
○ Other matter paragraph in current report describing responsibilities assumed for
prior period FS

Interim Reviews (Nonissuers)

● SAS
● Use same framework as annual
● Latest FS have been audited
● Going concern in emphasis of matter must be included if
○ Included in prior year and conditions still exist
○ Management stated substantial doubt exists

Interim Reviews (Issuers)

● PCAOB
● Standards do not require written report unless
○ Client states auditor has reviewed interim FS, then report must be included

Interim procedures
● U LIAR CPA
● Understand IC

Comfort Letters
● From CPA to underwriter/other requesting parties
● Restricted use
● Positive assurance
○ CPA independence
○ Compliance on form of FS if audited
● Negative assurance
○ Unaudited FS
○ Pro forma

Rules
● Independence rules
○ Not required for compliance and non-attestation services
○ Applies to covered members:
■ On engagement team
■ Position to influence engagements
■ Partner providing 10+ hours of non-attest services during the year
 ■ Partner in same office as lead partner
■ Firm as a whole
○ Impaired with material indirect interest to any direct interest
○ Not impiared for:
■ Fully collateralized car loans
■ Credit card balance not over $10,000
■ Bank account fully insured by government
■ Passbook loan
○ Imparied:
■ Immediate/close family in key position
■ Person formerly employed by client and engagement covers period of
employment
■ Over 1 year late on audit fees
■ Actual/threatened litigation
● Unless immaterial amount and unrelated to attestation
○ Cannot make management decisions for client
● General standards rules
○ Professional competence
■ Only undertake engagements that can be reasonably expected to be
completed with professional competence
○ Due professional care
■ Planning and supervision and sufficient relevant data
● Compliance with standards rule
○ Must comply with standards of applicable bodies
● Accounting principles rule
○ Departure from GAAP may be justified if compliance would cause FS to be
misleading
● Confidential client information rule
○ Cannot disclose confidential client information
○ Exceptions
■ Subpoena
■ Quality review AICPA
■ Inquiry by ethics division of AICPA or state CPA society
● Contingent fees rules
○ Not contingent if fixed by court
○ Permitted for compliance if state “not independent”
○ Prohibited → audit/attest and tax returns
■ Okay if for challenging IRS
● Acts discreditable
○ Fail to return records
○ Discrimination or harassment
○ Failing to follow procedures in governmental audit
○ Negligence
 ○ Failing to follow GAAS
○ Solicitation or disclosure of CPA questions and answers
○ Failure to file personal tax return timely
○ Cannot be false, misleading or deceptive
○ Disclosure of confidential information
● Form of organization and name rule
○ All owners must be CPAs if CPA firm
○ Can use names of past owners

Threats to Compliance
● Adverse interest threat
○ Members interest is opposed to client interest
● Advocacy threat
○ Promotes clients interest to point that independence impaired
● Familiarity threat
○ Member becomes too sympathetic of client work
● Management participation threat
○ Member takes on management roles
● Self-interest threat
○ Member could benefit from relationship with client
● Self-review threat
○ Not appropriate review work done by member
● Undue influence threat
○ Threat that member will subordinate judgment because of excessive influence
over member

PCAOB
● 3 not CPAs, 2 CPAs
● Only registered accounting firms can report on SEC audits
● Documentation maintained for 7 years
● Concurring review

SOX II
● Auditor cannot also provide
○ Bookkeeping
○ Financial information design
○ Appraisal and valuation
○ Actuarial services
○ Management and HR
○ Internal audit outsourcing
○ Broker, dealer, investment advisor, investment banker
○ Legal services
○ Expert services
 ● Taxes okay if approved by audit committee
● Lead partner rotates off every 5 years
○ Name must be disclosed
● One year cool off period
○ CEO, CFO, controller, chief accounting officer

Rule 2-01 (SEC)

● Financial interest exceptions
○ Received through unsolicited gift and disposed of ASAP, no later than 30 days
after
● Lead partner requires 5 years cool off period
○ 2 years for other partners

PCAOB Rules
● Cannot provide aggressive tax transactions
● Cannot provide tax services to corporate officers or immediate family

GOA
● External peer review every 3 years
● DOL independence
○ Direct financial interest
○ Material indirect interest