Index [] · Audit software, 663 Audit strategy, 115 Auditing standards international standards, 76...

737

Acceptable level of risk, 475

Access control and security software,

508

Access control software, 679

Access controls, 663

Account-balance level risk assessment,

610

Accounting and review services, 425

compilations, 426

key terms, 449

review(s), 428

Statements on Standards for

Accounting and Review

Services, 431

AR 60, 431

AR 90, 431

AR 80, 431

AR 80, 435

AR 90, 439

AR 110, 444

AR 120, 444

AR 200, 445

AR 300, 447

AR 400, 447

AR 500, 449

AR 600, 449

Accounting changes, 349

Accounting controls, 170

Accounting cycles, 186

fi nancing, 199

inventories and production, 195

investing, 199

overall internal control questionnaires

for, 200

personnel and payroll, 196

purchases, payables, and cash

disbursements, 191

sales, receivables, and cash receipts,

188

Accounting estimate(s)

defi ned, 114, 285

Accounting principle(s)

AICPA Rule 203, 64

Accounting records, 187

Acts discreditable, AICPA rule for, 66

Administrative controls, 170

Adverse opinion, 353, 380

Advertising, AICPA rules for, 67

Advisory services, 69

Aggressive tax position transactions, 63

Agreed-upon procedures, 39, 380

AT 101, 525

AT 201, 526

report on, 344, 368

AI (artifi cial intelligence), 660

AICPA Code of Professional Conduct, 51

conceptual framework for

independence standards, 53

Due Care (Article V), 52

general information, 51

Integrity (Article III), 52

Objectivity and Independence (Article

IV), 52

PCAOB Independence Standards, 63

rules, interpretations, and rulings

General Standards (Rule 201), 63

principles, 52

responsibilities

in consulting services, 69

in personal fi nancial planning, 70

rules, interpretations, and rulings, 53

Accounting Principles (Rule 203), 64

Acts Discreditable (Rule 501), 66

Advertising and Other Forms of

Solicitation (Rule 502), 67

Commissions and Referral Fees

(Rule 503), 67

Compliance with Standards (Rule

202), 63

Confi dential Client Information

(Rule 301), 65

Contingent Fees (Rule 302), 65

Ethics Rulings and Other

Responsibilities (Rule 591), 68

Form of Practice and Name (Rule

505), 68


Independence (Rule 101), 53

Integrity and Objectivity (Rule

102), 60

Scope and Nature of Services (Article

VI), 53

The Public Interest (Article II), 52

AICPA Content and Skills Specifi cation

Outlines, 31

Algorithm, 670

Allowable risk (of assessing control risk

too low), 471

Analog information, 656

Analysis phase (IT systems), 654

Analytical procedures, 259

defi ned, 114, 285

Antivirus software, 666

Applicable fi nancial reporting

framework, 432, 624

Application control activities, 677, 680

Applications programming, 676

Applications software, 658

Appropriateness (of audit evidence),

257, 285

Arithmetic/logic unit, 656

Arm’s length transactions, 285

Array, 661

Artifi cial intelligence (AI), 660

Assertions

defi ned, 114, 206, 285, 524

fi nancial statement

and audit evidence, 256

engagement planning, 101

internal controls, 170

relevant

defi ned, 102, 116, 286


Assurance engagements, 449

Assurance standards (international), 76

ATM (automatic teller machine), 657

Attest (attestation) engagement

AT 101, 525

compliance, 533

defi ned, 449

Attest services, 69

Attestation

attest function, 38

engagements

compliance, 374

examination, 366

interpretations, 523

review, 367

standards, 43

Attestation standards

AT 50, 523

Attribute sampling

defi ned, 468, 484

in tests of controls, 469

statistical (attributes) sampling, 469

Audit completion, 42

Audit defi ned, 39

Audit documentation

PCAOB Auditing Standard No. 2, 643

Index

bindex.indd 737bindex.indd 737 24-10-2013 13:04:0324-10-2013 13:04:03

COPYRIG

HTED M

ATERIAL

738 Index

Audit effectiveness, 469

Audit effi ciency, 469

Audit evidence, 255

and audit procedures, 259

for cash, 269

client representation letters, 280

completing, 284

defi ned, 114, 285

for expenses, 280

fair values, 282

and fi nancial statement assertions, 256

inquiry of a client’s lawyer, 281

for inventory, 273

for investment securities, 274

key terms, 285

for long-term debt, 278

loss contingencies, 281

omitted procedures discovered after

report date, 283

and operational audits, 284

for owner’s equity, 279

for payables (current), 277

PCAOB Auditing Standard No. 15,

648

for prepaid assets, 276

presumptions related to validity of,

257

procedures for, 257

for property, plant, and equipment,

275

for receivables, 271

related-party transactions, 282

for revenue, 279

and statement of cash fl ows, 283

subsequent discovery of facts existing

at date of audit report, 282

subsequent events, 282

substantive procedures for, 260

audit programs, 261

documentation, 267

types of, 259

suffi cient and appropriate, 257

types of, 258

using work of specialists, 281

Audit hooks, 507

Audit planning

defi ned, 114


internal control audits, 180


647

Audit procedures, 258, 259

prescribed, 267

Audit process, diagram of, 40

Audit programs

defi ned, 114, 261

substantive, 261

Audit report

circumstances resulting in modifi ed

opinion, 351

group fi nancial statement, 354

special purpose reporting framework,

360

standard unmodifi ed, 345

unmodifi ed opinion

with emphasis-of-matter paragraph,

347

other-matter paragraph, 356

Audit report on fi nancial statements, 380

Audit risk, 467

defi ned, 114, 467


PCAOB Auditing Standards No. 8,

647

Audit sampling, 465, 484

defi ned, 466, 484

key terms, 484

nonstatistical and statistical

approaches to, 467

statistical sampling plans, 468

in substantive tests of details, 474

classical variables sampling, 480

probability-proportional-to-size

(PPS) sampling, 476

sampling risk, 474


nonstatistical sampling, 473

sampling risk, 467


uncertainty and, 467

uses of, 468

Audit software, 663

Audit strategy, 115

Auditing standards

international standards, 76

Auditing with technology, 505

computerized audit tools

automated workpaper software, 510

database management systems, 510

electronic spreadsheets, 510

generalized audit software, 509

public databases, 510

for tests of controls, 506

text retrieval software, 510

word processing software, 510

internal control in, 505

key terms, 511

Auditor’s reports


642


644

standard audit report

defi ned, 381

subsequent discovery of facts existing

at date of, 282

Authentication, 672

Automated source data input devices,

657

Automated workpaper software, 510

Automatic teller machine (ATM), 657

Backup and recovery, 663, 679

Backup facilities, 663, 683

Bank cutoff statements, 270

Bank reconciliations, 270

Bank transfer schedule, 269

Batch processing, 659

Batch totals, 681

Bill and hold transactions, 280

Bit, 661

Block sampling, 470

Boundary protection (computers), 678

Bridge, 665

Buffer, 657

Business continuity, 681

Byte, 661

Call back, 679

Capital stock transactions, 279

Cash

audit evidence, 269

audit procedures, 265, 270

Central processing unit (CPU), 656

Centralized processing, 660

Change in accounting estimate, 350

Change in accounting principle, 349

Change in reporting entity, 350

Change in statement format, 350

Channel stuffi ng, 280

Check digit, 680

Checkpoints, 683

Classical variables sampling

probability-proportional-to-size

sampling vs., 485


Class-or-transaction level risk

assessment (AU 322), 610

Client representation letters, 280

Client-server architectures, 666

Close relatives

defi ned, 55, 79

independence rules, 54

Closed-loop verifi cation, 680

Cloud computing, 664

COBIT (Control Objectives for

Information and Related

Technology), 673

Code comparison program, 678

Code review, 506

Cold site, 683


Index 739

COM (computer output to microfi lm or

microfi che), 658

Command line interface, 657

Commissions

AICPA rules for, 67

Commissions and Referral Fees (Rule

503), 67

Committee of Sponsoring Organizations,

171

Communication

for internal control, 169, 173, 174

communication of related matters,

203

communication with those charged

with governance, 204

with predecessor auditors, 107

Communication (IT systems), 676

Communications servers, 667

Communications software, 658

Compact discs, 656

Comparative fi nancial statements

defi ned, 380

Comparison programs (CAAT), 506

Competence

AU 322, 610

of internal auditors, 205

Compilation of fi nancial statements, 39

reports, 363

Compilation(s), 257

defi ned, 449

nature of, 426

planning, 426

procedures for, 427

reporting issues, 427



Services, 431

Compiler, 658

Complementary user entity controls, 539

Completing the audit, 42

Compliance attestation engagements, 533

Compliance audits, 374, 380

of federal fi nancial assistance

programs, 377

reports, 376

Computer assisted auditing techniques,

511

Computer control activities, 677

Computer output to microfi lm or

microfi che (COM), 658

Computer service organizations

(bureaus, centers), 673

Computerized audit tools (CAAT)

automated workpaper software, 510

database management systems, 510

electronic spreadsheets, 510

generalized audit software, 509

public databases, 510

for tests of controls, 506

text retrieval software, 510

word processing software, 510

Computers

manual systems vs., 653

microcomputers, 668

types of, 655

Concurrent testing, 507

Condensed (summary) fi nancial

statements

defi ned, 380

Confi dential transactions, 63

Confi dentiality

AICPA rule for, 65

international standards for, 74

Confi rmation

of accounts, 271

of deposits and loans, 270

of payables, 277

Confl icts of interest, international

standards for, 75

Consideration of Internal Control in a Financial Statement Audit (AICPA), 674, 677

Consistency

in application of GAAP, 349

defi ned, 380


646

Console, 657

Consultations, 69

Consulting process, 69

Consulting services

AICPA on responsibilities in, 69

defi ned, 69

Consulting services practitioners, 69

Contingency processing, 679

Contingent fees, AICPA rules for, 65

Continuing accountants, 380

Continuous testing, 507

Control activities


for IT systems, 677

application controls, 680

computer control activities, 677

control environment, 675

overall control activities, 680

user control activities, 681

Control environment

for internal control, 168, 173

for IT systems, 675

Control objective (internal controls),

179

Control Objectives for Information and

Related Technology (COBIT),

673

Control risk

defi ned, 102, 115, 206, 285

Control totals, 680

Control unit, 656

Control(s)

access, 663, 679

IT systems, 668, 672

Controlled reprocessing, 507, 511

Controllers (computers), 657

Cooking the books, 115, 286

Coordination of the timing (audit

procedures), 109

Correction of an error, 350

Covered member, 54, 79

CPU (Central Processing Unit), 656

Cross-reference, 269

Current workpaper fi les, 269

Custody of client assets, international

standards for, 75

Data control, 676

Data control language (DCL), 662

Data defi nition language (DDL), 662

Data dictionary, 662

Data directory, 662

Data fl ow diagrams (DFDs), 684

Data independence, 662, 663

Data library, 676

Data manipulation language (DML), 662

Data marts, 660

Data mining, 660

Data modeling, 662

Data preparation, 676

Data redundancy, 663

Data repository, 662

Data sharing, 663

Data structure (IT), 661

Data warehouse, 660

Database administration, 676

Database administrator (DBA), 663

Database management systems, 510, 662

Database replication, 663

Database servers, 667

Database systems, 662

Database(s)

backup of, 663

client-server architectures, 666

controls for, 663

defi ned, 662

public, 510

Date of the auditor’s report, 380

Date of the fi nancial statements, 380

DBA (database administrator), 663

DCL (data control language), 662

DDL (data defi nition language), 662

Debug, 659

Decentralized processing, 660


740 Index

Decision support systems, 654, 660

Decision tables, 684

Decryption, 670

Defalcations, 115

Defi ciency in internal control, 179

defi ned, 206

Department of Labor (DOL), 79

Deposits, confi rmation of, 270

Design phase

IT systems, 655

Desired precision, 482

Desk checking, 659

Detail fi le, 661

Detection risk, 102, 115, 285

Development phase (IT systems), 655

Deviation rate, 484

DFDs (data fl ow diagrams), 684

Diagnostic routines (computers), 678

Difference estimation, 481, 484

Digital information, 656

Direct access processing, 659

Direct fi nancial interest, 59, 80

Directional testing, 186

Disaster recovery, 681

Disclaimer of opinion, 353, 380

Disclosure(s)

and internal controls, 179

tests of details of, 261

Discovery sampling, 472, 484

Distributed database structure, 663

Distributed processing, 661

Distributed systems, 667

Document fl owcharts, 684

Documentation

audit evidence, 267


643

Documentation (IT systems), 678

Documentation completion date, 644

DOL (Department of Labor), 79

Dual-purpose tests, 176

audit sampling in, 468

defi ned, 468

Due care

AICPA principle, 52


Echo check, 678

EDI (electronic data interchange), 658,

671

Edit (programming), 659

Electronic commerce, 658, 670

Electronic data interchange (EDI), 658,

671

Electronic funds transfer (EFT), 670

Electronic spreadsheets, 510

Embedded audit modules, 507

Emphasis-of-matter paragraph, 347

Encryption, 670, 672, 679

End-user computing (EUC), 669

Engagement letters, 108, 115

Engagement planning, 101

audit planning, 107

audit risk, 102

errors and fraud, 104

fi nancial statement assertions, 101

materiality, 103

obtaining understanding of client,

110

quality control, 112

risk assessment, 112

Engagement review, 112


647

quality review process, 284

Engagements

AICPA rules for, 63

quality review process, 284

Enterprise resource planning (ERP), 658

Entity-relationship modeling, 662

ERP (enterprise resource planning),

658

Errors

in engagement planning, 104

in risk assessment, 469, 474, 482, 484

Estimated standard deviation, 482

Estimated total audited value (ETAV),

483

Ethical standards, international, 74

Ethics rulings, on AICPA Code, 61

EUC (end-user computing), 669

Evidence collection procedures, 257

Examination report, 343, 376

Examination(s)

AT 101, 525

defi ned, 380

Exception (to external confi rmation

request), 285

Executive information systems, 654

Expected amount of misstatement

(error), 475

Expected population deviation rate

(expected rate of occurrence),

471

Expenses (audit evidence), 280

Expert systems, 654, 660

Explanatory paragraphs

defi ned, 380

Extended records, 507

Extensible Business Reporting

Language (XBRL), 665

Extensible Markup Language (XML),

665

Extent of audit procedures, 258

External confi rmation, 285

External labels (IT systems), 679

Extranets, 666

Factual misstatements, 115, 484

Fair value(s)

audit evidence, 283

Fax servers, 667

Fees

contingent, 65


referral, 67

Field, 661

Field check, 680

Field size check, 680

File processing systems, traditional,

661

File servers, 667

Financial Accounting Reporting

Cycle, 187

Financial forecasts

AT 301, 528

defi ned, 528

Financial forecasts and projections

reports on, 368

Financial interest, 59, 80

Financial projections

AT 301, 528

defi ned, 528

Financial reporting

controls over, 168

Financial reporting framework, 432,

449, 624

Financial statement assertions

and audit evidence, 256



Financial statement audit reporting

key terms, 380

Financial statement level risk assessment

(AU 322), 610

Financial statements

compilations and review, 449

interim, 425

reports on

compiled FS, 344

reviewed, 39, 343, 363

unaudited, 39

Financing (accounting cycle), 199

Firewalls, 665

Fixed sample size approach, 472

Flowcharting, 683

Flowcharting software, 506

Forecasts and projections

reports on, 368

Foreign Corrupt Practices Act of 1977,

170, 206


Index 741

Form of practice, AICPA rule for, 68

Fraud

defi ned, 80, 115, 285, 380


Fraud risk factors

defi ned, 115, 285

Fraudulent fi nancial reporting, 104

defi ned, 115, 286

materiality


Further audit procedures, 115, 286

GAO (Government Accountability

Offi ce), 78

GAS (generalized audit software), 509,

511

GAS (government auditing standards),

648

Gateway, 665

Generalized audit software (GAS), 509,

511

Generally accepted accounting

principles (GAAP)

report on application of, 349

Generally accepted attestation standards,

523

Generally accepted auditing standards

(GAAS), 43

Generally accepted government auditing

standards (GAGAS), 648

Gifts


Going concern considerations, 348

Government Accountability Offi ce

(GAO), 78

Government auditing standards (GAS),

648

Grandfather-father-son method, 681

Graphical user interface (GUI), 657

GUI (graphical user interface), 657

Haphazard sampling, 470

Hardware, 655

access controls, 679

for local area networks, 668

Hash totals, 680

Hierarchical database structure, 662

High-end accounting software, 658

Historical fi nancial information, 115

Hospitality, international standards for, 75

Hot site, 683

HTML (Hypertext Markup Language),

665

HTTP (Hypertext Transfer Protocol),

665

Hypertext Markup Language (HTML),

665

Hypertext Transfer Protocol (HTTP), 665

Hypothetical transaction, 380

IAASB (International Auditing and

Assurance Standards Board),

76, 80

IASB (International Accounting

Standards Board), 78, 80

Identifi cation code, 679

IESBA (International Ethics Standards

Board for Accountants), 74

IFAC (International Federation of

Accountants), 76, 80

IFRS (International Financial Reporting

Standards), 78

Immediate family

defi ned, 55, 80

independence rules, 54

Implementation phase (IT systems), 655

Implementation services, 70

In substantive tests of details

comparing PPS to classical variables

sampling, 484

Inconsistency, 349, 621

Incremental allowance for projected

misstatements, 478

Independence

AICPA principle, 53

AICPA rules for, 53

data, 662

defi ned, 80


Index, 269

Indirect fi nancial interest, 80

Individual in a position to infl uence the

attest engagement, 55, 80

Information

confi dentiality of, 65

digital, 656

historical fi nancial, 115


communication of related matters,

203

communication with those charged

with governance, 204

for IT systems, 677

Information systems

defi ned, 653

within a business, 653

Information Systems Audit and Control

Association (ISACA), 673

Information technology (IT), 653

computer service organizations

(bureaus, centers), 673

computer types, 655

control objectives for information and

related technology, 673

data structure methods, 661

electronic commerce, 670

end-user computing, 669

fl owcharting, 683

hardware, 655

information systems within a

business, 653

and internal control, 674




disaster recovery and business

continuity, 681

information and communication, 676

monitoring, 677


overall risks, 674

reliable systems, 674



local area networks, 668

microcomputers, 668

network types, 663

processing methods, 659

software, 658

systems design and process

improvement, 654

telecommunications, 672

types of IT systems, 653

Inherent risk

defi ned, 102, 115

Input controls (IT systems), 680

Input devices, 657

Input interface, 657

Inquiry of a client’s lawyer

audit evidence, 281

Inspection (PCAOB), 80

Intangible assets, auditing, 276

Integrated audits

AT 501, 533

defi ned, 380

Integrated test facility (ITF), 506, 511

Integrity

AICPA principle, 53


Interim date (audit procedures), 109

Interim fi nancial information (AU 722),

640

reports on, 363

Interim fi nancial statements, 425

Internal audit function, 205, 609

Internal auditing, 286

Internal control

accounting cycles, 186

fi nancing, 199

inventories and production, 195

investing, 199


742 Index

Internal control (continued)

overall internal control

questionnaires for, 200

personnel and payroll, 196

purchases, payables, and cash

disbursements, 191

sales, receivables, and cash receipts,

188

and accounting vs. administrative

controls, 170


AT 501, 533

AT 801, 539

AU 322, 610

auditor’s consideration of, 171

obtaining understanding of internal

controls, 171


tests of controls, 177

audits (examinations) of, 178

audit planning, 179

effects of internal audit fuction on,

205

evaluating identifi ed defi ciencies, 183

general guidelines, 178

PCAOB Standard 5 vs. SSAE 15

on, 185

reporting on, 184

test design and operating

effectiveness of controls, 182

top-down identifi cation of controls

to test, 181

wrap-up, 183

Committee of Sponsoring

Organizations, 171

communication, 169

of related matters, 203

with those charged with

governance, 204


control activities, 169

control environment, 168, 675

defi ned, 206

defi nition of, 168


continuity, 681

and fi nancial statement assertions, 170

Foreign Corrupt Practices Act, 170

information and communication, 169,

676

and information technology, 673





continuity, 681

information and communication,

676

monitoring, 677




risks, 674


key terms, 206

limitations of, 170

monitoring, 169, 676

obtaining understanding of, 171



643


646


reports on, 378

risk assessment, 169, 176, 677

risks, 674

Sarbanes-Oxley Act of 2002, 171

tests of, 177


when auditing with technology, 505

Internal control (audit) fl owcharts, 207,

684

Internal control checklist, 207

Internal control questionnaire, 207

Internal control written narrative, 207

Internal labels (IT systems), 681

Internal site, 683

International Accounting Standards

Board (IASB), 78, 80

International Auditing and Assurance

Standards Board (IAASB),

76, 80

International Ethics Standards Board for

Accountants (IESBA), 74

International Federation of Accountants

(IFAC), 76, 80

International Financial Reporting

Standards (IFRS), 78

International standards, 74

auditing/assurance, 76

ethical, 74–75

Internet, 656

Internet developer, 676

Interpretative (interpretive) publications,

80

Intranet/extranet developer, 676

Intranets, 666

Inventories and production (accounting

cycle), 195

Inventory(ies)

audit evidence, 273


Investing (accounting cycle), 199

Investment securities

audit evidence, 274

audit procedures, 275

IP address, 666

ISACA (Information Systems Audit and

Control Association), 673

ISP (Internet Service Provider), 673

Issuers, 381, 450

ITF (integrated test facility), 506, 511

Job accounting data/operating systems

logs, 507

Joystick, 657

Judgmental misstatements, 115, 484

Key (encryption), 670

Key positions, 55, 80

Key-to-disk, 657

Key-to-tape, 657

Kiting, 269

LANs (local area networks), 664, 668

Lapping, 271

Laptop computers, 656

Lead schedules, 269

Letters for underwriters, 364

defi ned, 381

Library management software, 507

Light pens, 657

Limit (reasonableness) test, 681

Limited (negative) assurance, 381, 450

Limited physical access (computer

facilities), 679

Loans, confi rmation of, 270

Local area networks (LANs), 664, 668

Logic check, 680

Logical views (databases), 663

Logs of transactions, backup of, 663

Long-term debt

audit evidence, 278


Loop (programming), 659

Loss contingencies, 281

Low-end accounting software, 658

Macro, 666

Magnetic disks, 656

Magnetic ink character reader (MICR),

657

Magnetic tape (or cartridge), 656

Magnetic tape reader, 657

Mainframe computers, 655

Maintenance phase (IT systems), 655

Management assessment (internal

controls), 179

Management discussion and analysis

(MD&A), 536

Management fraud, 115, 286

Management information systems, 654

Management reporting systems, 653


Index 743

Management’s discussion and analysis,

370

MANs (metropolitan area networks),

664

Manual follow-up of computer exception

reports, 681

Marketable securities, audit procedures

for, 265

Marketing, international standards for, 76

Master fi le, 661

Material misstatement

adjusting entries for, 282

of fact, 622


647


647

risk of, 81, 116, 286

tolerable, 475, 482, 485

total likely, 284

uncorrected, 485

Material weakness

defi ned, 207

internal controls, 179, 186


Materiality

defi ned, 115



MD&A (management discussion and

analysis), 536

Mean-per-unit estimation, 480, 484

Memory dump, 659

Menu driven input, 680

Meta-data, 662

Metropolitan area networks (MANs), 664

MICR (magnetic ink character reader),

657

Microcomputers, 656, 668

Miniframe computers, 655

MIPS (millions of instructions per

second), 657

Mirrored Web server, 683

Misappropriation of assets, 104

defi ned, 115

Missing data check, 680

Misstatement of fact, 621

Misstatement(s)

defi ned, 115, 484

expected amount of, 475

of fact, 622

factual, 115, 484

judgmental, 115, 484

material

adjusting entries for, 284

of fact, 622


647


647

risk of, 81, 116, 286

tolerable, 475, 482, 485

total likely, 284

uncorrected, 485

projected, 483

in audit sampling, 478

defi ned, 115, 484

tolerable, 75, 482

Modifi ed opinion, 381

Monitoring

internal control, 169, 173, 174

for IT systems, 677

Monitors, 658

Mouse, 657

Multiprocessing, 658

Multitasking, 658

Name of practice, AICPA rule for, 68

Nature of audit procedures, 258

Negative (limited) assurance, 381, 450

Negative assurance, 343, 367

Negative confi rmation requests

defi ned, 286

Network interface cards, 668

Networked database structure, 663

Networks, types of, 664

Noncompliance, 115

Nonissuer (nonpublic) companies, 433,

450

compilation and review engagements

for, 431

defi ned, 381, 425, 431

Nonresponse, 286

Nonsampling risk, 467, 485

Nonstatistical sampling, 467, 473

Normalization, 662

N-tier architecture, 667

Object program, 658

Objectivity

AICPA principle, 53

of internal auditors, 205


Object-oriented database structure, 663

Object-relational database structure, 663

Obtaining understanding

of client, 110

of internal controls, 171

OCBOA (other comprehensive basis of

accounting), 381, 432

Off-line (term), 657

OLAP (online analytical processing),

660

OLTP (online transaction processing),

659

Omitted procedures

defi ned, 286

discovered after report date, 283

Online (term), 657

Online analytical processing (OLAP),

660

Online real-time processing, 659

Online transaction processing (OLTP),

659

Operating systems, 658

Operating systems review, 507

Operational audits, 284

Operations manual, 679

Operations, IT, 676

Optical disks, 656

Other auditors

defi ned, 381

Other comprehensive basis of

accounting (OCBOA), 381,

432

Other information

defi ned, 621

Other-matter paragraph, 356

Output devices, 658

Overall client-server systems, 667

Owner’s equity

audit evidence, 279


Packets, 672

Parallel simulation, 507, 511

Parity check, 678

Partial presentations, 528

Passwords, 679

Patch (programming), 659

Payables (current)

audit evidence, 277


Peer review, 112

defi ned, 81

types of, 112

Period of the professional engagement,

55, 81

Periodic maintenance (IT systems), 678

Peripherals (computers), 657, 668

Permanent workpaper fi les, 269

Personal computers, 656

Personal fi nancial planning, 70

Personnel (IT systems), 669

Personnel and payroll (accounting

cycle), 196

Pervasive, 381

Piecemeal opinion, 353

Planning phase (IT systems), 654

Plotters, 658

Point-of-sale (POS) recorders, 657

Point-to-point communications, 671

Population

defi ned, 485


744 Index

Population effect, 471

Population size, 475, 482

POS (point-of-sale) recorders, 657

Positive confi rmation requests

defi ned, 286

Predecessor auditors

communicating with, 108

defi ned, 116, 381

review reports of, 446

Prepaid assets

audit evidence, 276


Preprinted forms, 680

Presumptively mandatory requirements

(SSARS), 433, 523

Primary memory (storage), 656

Principal auditors, 381

Print servers, 667

Printers, 658

Private key system, 670

Private networks, 664

Pro forma fi nancial information

AT 401, 531

Pro forma statements, 529

Probability-proportional-to-size (PPS)

sampling, 485

classical variables sampling vs., 484

defi ned, 485


Product services, 70

Professional behavior


Professional competence, international

standards for, 75

Professional judgment, 81, 116

Professional responsibilities, 51

AICPA requirements, 51

Accounting Principles (Rule 203),

64

Acts Discreditable (Rule 501), 66

Advertising and Other Forms of

Solicitation (Rule 502), 67

Commissions and Referral Fees

(Rule 503), 67

Compliance with Standards (Rule

202), 63

conceptual framework for


Confi dential Client Information

(Rule 301), 65

consulting services responsibilities,

69

Contingent Fees (Rule 302), 665

Ethics Rulings and Other

Responsibilities (Rule 591), 68

Form of Practice and Name (Rule

505), 68

general information, 51


PCAOB Independence Standards,

63

Independence (Rule 101), 53

Integrity and Objectivity (Rule

102), 60

personal fi nancial planning

responsibilities, 70

principles, 52

rules, interpretations, and rulings,

54

Department of Labor

key terms, 79

Government Accountability Offi ce,

78

international standards

auditing/assurance, 76

ethical, 74

Public Company Accounting

Oversight Board, 73

Sarbanes-Oxley Act of 2002, 72

Securities and Exchange Commission,

78

Professional skepticism, 81

defi ned, 81, 116

Program fl owcharts, 684

Program mapping, 506

Program testing, 506

Program tracing, 506

Programmed control activities, 677, 680

Projected misstatements, 483

in audit sampling, 478

defi ned, 115, 484

Projections, fi nancial, 368

Proof totals, 680

Property, plant, and equipment (PPE)

audit evidence, 275


Proprietary networks, 672

Prospective forecasts, 528

Protocol, 659

Proxy server, 665

Public (issuer) companies

compilation and review engagements

for, 431

defi ned, 381, 425, 450

Public Company Accounting Oversight

Board (PCAOB), 81

defi ned, 81



642


643


643


644


646


646


647

PCAOB Auditing Standard No. 8

through 16, 647

professional responsibilities, 72

Public databases, 510

Public domain software, 666

Public interest (AICPA principle), 52

Public networks, 664, 672

Purchases, payables, and cash

disbursements (accounting

cycle), 191

Qualifi ed opinions

defi ned, 381

Quality control



646

Quality control standards

defi ned, 81, 116

Quality review process, 284

Quarterly reporting, 363

Radio frequency data communication, 657

RAID (redundant array of independent

disks), 656

Random-number sampling, 470

Ratio estimation, 481, 485

REA data models, 662

Reasonable assurance, 116, 381

Reasonableness (limit) test, 681

Receivables

audit evidence, 271


controls over, 182

Reciprocal agreement, 683

Record count, 680

Records, 661

Redundant array of independent disks

(RAID), 656

Redundant data check, 680

Referral fees, AICPA rule for, 67

Regression approach, 481

Related-party transactions, 280

audit evidence, 282

defi ned, 286

Relational database structure, 663

Relevance of audit evidence, 257

Relevant assertions

defi ned, 102, 116, 286


Reliability

of audit evidence, 257


Index 745

Remaining period (audit procedures),

109

Remuneration, international standards

for, 75

Report release date, 643

Reporting

consistency, 349

accounting changes, 349

departure from standard report,

reasons for

departures from GAAP, 352

going concern question, 348

inconsistent application of GAAP,

349

scope limitation, 353

negative assurance, 343, 367

opinions

adverse, 353

disclaimer, 353

except for (piecemeal), 353

quarterly reports, 363

report form

introductory paragraph, 365

short form, 345

standard unmodifi ed report, 345

types of reports

agreed-upon procedures, 344, 368

application of accounting

principles, 365

compiled statements, 363

compliance

attestation engagements, 365

agreed-upon procedures, 368

examinations, 343, 376

auditing of federal fi nancial

assistance programs

under GAAS, 377

under GAS, 378

under Single Audit Act, 378

report examples, 376

comprehensive basis other than

GAAP, 365

fi nancial forecasts and projections,

368

internal control, 378

letters for underwriters, 364

management’s discussion and

analysis, 370

pro forma fi nancial information,

369

quarterly, 363

reviewed statements, 343, 363

Reporting accountants, 81

Reports and reporting

applicable fi nancial reporting

framework, 432

applicable fi nancial reporting

framework, 624

auditor’s reports


642


644

auditor’s reports

standard audit report, 381

subsequent discovery of facts

existing at date of, 282

fraudulent, 104

defi ned, 115, 286

on internal control, 169, 184

on management’s description of a

service organization’s system

and the suitability of the design

and operating effectiveness of

controls, 207, 540




of controls, 539




of controls, 207


on pro forma fi nancial information, 531

special reports, 381

Representation

client representation letters, 280

written, 286

Representation letters, 280

Required supplementary information

(RSI), 624

Responsibilities (AICPA principle), 51

Responsible party, 524

Restricting privileges, 66

Retained earnings, 279

Revenue (audit evidence), 279

Review

accountant’s report, 363

of interim fi nancial information

Review evidence, 433

Review(s)

AT 101, 525

defi ned, 450

nature of, 428

planning, 428

procedures for, 428

reporting issues with, 429



Services, 431

Risk

audit, 467

of material misstatement, 81, 116, 286

nonsampling, 467

sampling, 467

Risk assessment


internal control, 169, 173, 176

for IT systems, 676

PCAOB Auditing Standard No. 8

through 15, 646

Risk assessment procedures, 258

defi ned, 116, 286

Risk of assessing control risk too high

(alpha risk, type I error), 469,

485

Risk of assessing control risk too low

(beta risk, type II error), 469,

485

Risk of incorrect acceptance (beta risk,

type II error), 474, 482, 485

Risk of incorrect rejection (alpha risk,

type I error), 474, 482, 485

Risk response (PCAOB Auditing

Standards No. 8 through 15),

647

Risk(s)

with IT systems, 664

Rollback, 683

Routers, 665

RSI (required supplementary

information), 624

Run (programming), 659

Sales, receivables, and cash receipts

(accounting cycle), 188

Sample size equation, 482

Sampling interval, 477

Sampling risk, 467

defi ned, 485

quantifying, 467



Sampling unit, 474, 485

Sarbanes-Oxley Act of 2002 (SOX), 81

defi ned, 81, 207


professional responsibilities, 81

Scanner, 657

Scanning, 286

SCARF (systems control audit review

fi les), 507

Scope and nature of services

AICPA principle, 53

Scope limitation, 353

SEC (Securities and Exchange

Commission), 78

Second opinions, international standards

for, 75

Secondary storage, 656

Securities and Exchange Commission

(SEC), 78

Security (IT systems), 508, 668


746 Index

Segregation controls, 675, 678

between IT department and user

departments, 675

IT systems, 679

Segregation of duties, 188

Self-insurance, 276

Sequential (stop-or-go) sample size

approach, 472

Service auditors

defi ned, 207, 540

Service organizations

AT 801, 539

defi ned, 207, 540

Service organization’s system, 207

Shared responsibility opinions, 381

Short-form audit report, 345

Side agreements, 280

Signifi cant accounts and disclosures,

179

Signifi cant defi ciency

defi ned, 208


Signifi cant relationship, 60

Signifi cant risk, 116

Single Audit Act, 381

Snapshot, 506

Software, 658

access control and security, 508

access controls, 679

computerized audit tools, 509

fl owcharting, 506

generalized audit software, 507, 509,

511

library management, 507

for local area networks, 668

text retrieval, 510

word processing, 510

Solicitation

AICPA rules for, 67


Source documents, 187

Source program, 658

Special reports

defi ned, 381

fi nancial forecasts and projections,

365

letters for underwriters, 364

pro forma fi nancial information, 365

specifi ed elements

agreed-upon procedures, 344, 366

Specialists, using the work of, 281

Spreadsheets, electronic, 510

SQCS (statement on quality control

standards), 112

SQL (structured query language), 662

Staff and other support services, 70

Standard audit report, 381

Standard confi rmation forms (audit

evidence), 270

Standard deviation

defi ned, 480

estimated, 482

Statement of cash fl ows, audit of, 283

Statement on quality control standards

(SQCS), 112

Statements on Auditing Standards

(SAS), 44, 47

Statements on Standards for Accounting

and Review Services (SSARS),

431

AR 60, 431

AR 80, 435

AR 90, 439

AR 110, 444

AR 120, 444

AR 200, 445

AR 300, 447

AR 400, 447

AR 500, 449

AR 600, 449

Statements on Standards for Attestation

Engagements (SSAE), 523

AT 20, 523

AT 50, 523

AT 101, 523

AT 201, 526

AT 301, 528

AT 401, 531

AT 501, 533

AT 601, 533

AT 701, 536

AT 801, 539

Statistical sampling, 467

attributes sampling, 468, 469

defi ned, 485

sampling plans, 468

in substantive testing, 468


variables sampling, 468

Stockholders’ equity, 279

Storage devices, 656

Stratifi cation, 481, 485

Structured query language (SQL), 662

Subject matter, forms of, 524

Submission of fi nancial statements

defi ned, 433

Subsequent discovery of facts existing at

date of audit report, 282

Subsequent events, 282

defi ned, 286

Subservice organizations, 540

Substantive audit procedures, 258, 261

audit programs, 261

for cash, 270

defi ned, 116, 208, 286

documentation, 267

for inventory, 273

for investment securities, 274

for long-term debt, 278

for payables, 277

for prepaid assets, 276

for property, plant, and equipment, 275

for receivables, 271

for stockholders’ equity, 279

types of, 260

Substantive tests of details

audit sampling, 468, 474

classical variables sampling, 480

comparing PPS to classical

variables sampling, 484

probability-proportional-to size

(PPS) sampling, 476

sampling risk, 474

Successor auditor

defi ned, 116, 381

Suffi ciency, of audit evidence, 257, 286

Supercomputers, 655

Supervision


647

Supplementary information

defi ned, 622

Switch, 665

System development lifecycle, 675

System fl owcharts, 682

System review, 112

Systematic sampling, 470

Systems analysis, 675

Systems control audit review fi les

(SCARF), 507

Systems logs, backup of, 663

Systems programming, 675

Systems software, 658

Systems software review, 507

TCP/IP (Transmission Control Protocol/

Internet Protocol), 666

Telecommunications, 664, 672

Test data, 506, 511

Testing phase (IT systems), 655

Tests of controls, 174, 177, 258

audit sampling, 468

nonstatistical sampling, 473

sampling risk, 469


computerized audit tools for, 506

defi ned, 116, 208

test design and operating effectiveness

of controls, 182

top-down identifi cation of controls to

test, 181


Index 747

Tests of details of transactions, balances,

and disclosures, 261

Text retrieval software, 510

Those charged with governance

communication with, 204

defi ned, 208

Three-tier architectures, 667

Timing of audit procedures, 109, 258

Tolerable misstatement (error), 475,

482, 485

Tolerable rate (tolerable deviation rate),

471, 485

Total likely misstatement, 284

Touch-sensitive screen, 657

Trade loading, 280

Traditional fi le processing systems, 661

Transaction fi le, 661

Transaction logging, 507

Transaction processing systems, 653

Transaction services, 70

Transmission media, 668

Trojan horse, 666

Turnaround documents, 657

Unaudited statements, 39

Uncertainty (audit sampling), 467

Unconditional requirements (SSARS),

433, 523

Uncorrected misstatements, 485

Understanding

of client, 110

Underwriters

letters for, 364, 381

Uniform CPA Examination, 3

applying to take, 4

attributes for success in taking, 5

content of, 3

grading of, 17

nondisclosure and computerization of, 4

obtaining Notice to Schedule, 5

planning for, 13

process for sitting for, 4

purpose of, 3

scheduling of, 5

self-study program for, 10

solutions approach to, 19

strategy for taking, 27

types of questions on, 4

Uniform Resource Locator (URL), 665

Unmodifi ed opinion, 381

Unrecorded liabilities, 277

Unrecorded retirements (PP&E), 276

User auditors

defi ned, 208, 540

User control activities, 681

User department, 663

User entity

complementary user entity controls,

539

defi ned, 208, 540

Utility programs, 658

Validity check, 680

Value-added networks (VANs), 671

VANs (value-added networks), 671

Variables sampling

classical, 480

defi ned, 468, 485

probability-proportional-to-size, 476,

484

Variation, within sample population,

475

Verifi cation of processing (IT systems),

669

Virtual memory (storage), 659

Virus, 666

Visitor entry logs, 679

Visual display terminal, 657

Voice recognition, 658

Walk-through, 208

WANs (wide area networks), 664

Web administrator, 676

Web browsers, 665

Web coordinator, 676

Web designer, 676

Web manager, 676

Web master, 676

Web servers, 665

WebTrust, 370

Wide area networks (WANs), 664

Word processing software, 510

Working trial balance, 269

Workstations, 666, 668

World Wide Web (Web, WWW), 665

Worm, 666

Written representation, 286

WWW (World Wide Web), 665

XBRL (Extensible Business Reporting

Language), 665

XML (Extensible Markup Language),

665

Zip disks, 656


Index [] · Audit software, 663 Audit strategy, 115 Auditing standards international standards, 76...

Documents

Transcript of Index [] · Audit software, 663 Audit strategy, 115 Auditing standards international standards, 76...