Review Questions Solutions
Chapter 16, Topics Beyond the Integrated Audit
A1 What is ACFR?
Association of Certified Fraud Examiners
A2 What are investigative services? Litigation support?
Investigative services typically focus on investigations of accounting records and
transactions or suspected frauds and may or may not involve testifying in court.
Litigation support generally involves the forensic accountant serving as an expert witness
in a court case.
A3 In what way does a forensic accountant approach an engagement differently
from an auditor?
A forensic accountant’s potential work addresses a broader scope than an auditor’s work,
in that it includes investigative services and litigation support. When performing a fraud
investigation, the forensic accountant’s mind-set is that all cases may involve illegal acts
and result in litigation.
A4 What is the fraud triangle, and how is the theory useful to a forensic accountant?
The fraud triangle theory suggests that a fraud conducive environment exists in the
presence of pressure, opportunity and rationalization. The fraud triangle theory is useful
to forensic accountants because they look for evidence of these types of situations.
A5 What types of evidence might a forensic accountant use that are typically beyond
the scope of an audit?
Real estate records
Corporate and partnership records
Other public records
Restricted data bases such as the Financial Crimes Enforcement Network
Physical and electronic surveillance data
Laboratory analysis of physical and electronic evidence
B1 Based on the IIA definition, what are the components of internal auditing?
1. An independent, objective assurance and consulting activity
2. designed to add value and improve an organization’s operations.
3. It helps an organization accomplish its objectives
4. by bringing a systematic, disciplined approach
5. to evaluate and improve the effectiveness of risk management, control, and governance
B2 How can an internal auditor be independent while being an employee of the
Rather than being organizationally independent (like an outside auditor), internal auditors
are independent because they are objective in performing their tasks and reporting results
even though they are employed by the company being audited.
B3 What is the name of the professional standards that apply to internal auditors,
and what two types of standards are included?
The International Standards for the Professional Practice of Internal Auditing
B4 How do management and internal audit activities differ in evaluating and
assessing ICFR to comply with Sections 302 and 404 of SOX?
It is management’s responsibility to assess ICFR and issue reports on its effectiveness. If
the internal audit function is performing audit work for the company, rather than
functioning as in internal “special projects” team, then it should not be performing
management responsibilities such as
1. Concluding on the effectiveness of ICFR on behalf of management
2. Making or directing key management decisions regarding internal controls,
remediation activities, and SOX compliance
3. Implementing internal controls
4. Performing control activities
(Note that even those this is the case, in many companies, the internal audit department
becomes involved in analyzing the design and testing the operating effectiveness of
ICFR, simply because the people in internal audit are the best prepared to complete the
C1 What is the difference between financial statement and compliance audit work?
Why do government units and other entities need compliance audits?
Financial statement audits address the fairness of the presentation of the financial
statements. Compliance audit work addresses whether funds received were spent in a
manner consistent with the contract under which they were dispersed; other requirements
beyond how the money was spent can be the target of compliance audit work.
When entities receive funds from the federal government they are required to be
accountable and they must follow regulations that come alone with receiving the money.
“As a result of the requirement for accountability, auditors must determine whether
government units are ‘in compliance’ with the provisions of any federal awards
C2 What is the benefit of the Single Audit Act?
Basically, the Single Audit Act states that a government entity (or nonprofit organization)
that has to provide audited financial statements and compliance reports is only audited
once, and the result of that “Single” audit must provide all the audit outputs needed that
the government unit or nonprofit entity has to provide to any funding source. Even if it
gets funds from more than one source, its audit has to be conducted to satisfy the audit
requirements of all the funding sources.
C3 What is included in the Yellow Book, and who publishes it?
The Yellow Book is a term for the publication of Government Auditing Standards. It was
called the Yellow Book because when in hard copy, its cover was yellow. The
Government Accountability Office publishes the Government Auditing Standards.
C4 What does GAGAS stand for?
Generally Accepted Government Auditing Standards
C5 What is the primary purpose of the Government Accountability Office (GAO)?
What activities does it carry out to accomplish its purpose?
The primary role is to support congressional oversight of the executive branch of the U.S.
government. The GAO audits federal government expenditures, evaluates whether
federal government programs are meeting objectives, investigates alleged illegal and
improper acts, and issues legal opinions in various areas of federal law.
D1 What are the different levels of financial statement assurance provided by
audits, reviews, and compilations?
Audits provide the highest level of assurance, what is known as positive assurance. The
auditor offers an opinion on the financial statements or ICFR.
Reviews provide a lower level of assurance. This is called moderate or limited assurance.
The report states that the accountant is not aware of any material modifications that need
to be made to the financial statements so that they will be in conformity with the
Compilations provide no assurance regarding the fairness of the financial statements.
D2 What is required of an accountant to perform a compilation? Do any procedures
have to be conducted to verify the accuracy or integrity of information received
from the entity and used as the basis for the financial statements?
1. An accountant must be knowledgeable about the accounting principles and practices of
the industry in which it operates.
2. An accountant must have knowledge about the specific client. A general understanding
of the client’s
b. operating characteristics
c. nature of its assets, liabilities, revenues and expenses
d. accounting principles and practices
e. changes in accounting principles and practices
f. business model as compared to normal practices within the industry
3. The accountant must establish an understanding with the client about the terms of the
engagement, any limitations on the use of the financial statements, and must document
the understanding through a written communication with management.
The accountant does not have to verify the accuracy or integrity of the information
provided by management for a compilation engagement, but must read the financial
statements and consider whether the information seems appropriate and is free of obvious
D3 Why is it particularly important to establish an understanding with the client
about the terms and limitations of a compilation engagement?
To be sure the client does not misunderstand the nature of a compilation. It is important
that the client understand that a compilation is different from an audit or a review and that
it does not provide any assurance.
D4 What level of assurance is provided by an accountant resulting from a review
engagement and what does this mean?
Limited assurance; the accountant is not aware of any material modifications that should
be made to the financial statements in order for them to be in accordance with the
D5 What procedures are performed in a review engagement? What additional
procedures are performed if another accountant has performed a review or an audit
related to the entity?
Inquiry and analytical procedures
Obtain written representations
If another accountant has performed a review or an audit related to the entity, the
accountant obtains and considers those reports in addition to other procedures of a
E1 What subjects are common targets of attest engagements?
Financial forecasts and projections
Compliance with laws and regulations
Effectiveness of internal control for nonpublic companies
Accuracy and reliability of reported performance measures
Management Discussion & Analysis compliance with SEC standards
E2 What levels of assurance can an accountant provide as the result of an attest
engagement, and what are the respective engagements called?
The accountant usually provides either positive (for an examination engagement) or
limited assurance (for a review engagement); for a compilation of a forecast or projection
the accountant provides no assurance. Agreed upon procedures engagements also provide
E3 What is the meaning of the term assertion as it relates to an attest engagement?
Who makes the assertion?
A written assertion declares something about the subject matter. The responsible party
makes the assertion.
E4 What are the characteristics of suitable criteria? Why are they needed for an
attest engagement to be possible? What are the objective criteria for financial
Suitable criteria must have the following attributes:
Suitable criteria are necessary in order for the practitioner to have a standard against
which to evaluate the subject matter. Accounting standards (GAAP or other standards)
are the objective criteria for financial statements.
E5 Under what circumstances do attest reports have limited distribution?
1. The criteria used to evaluate the subject matter are appropriate only for a limited
number of parties who participated in their establishment or have an adequate
understanding of the criteria.
2. The criteria used to evaluate the subject matter are available only to specified parties.
3. A written assertion has not been provided by the responsible party.
(For prospective financial statements, only examination level engagements of forecasts
are intended for general use. All others – any engagements on projections and
compilations on forecasts – are limited use reports. Any agreed upon procedures reports
are limited use reports.)
F1 Why do underwriters require comfort letters?
Underwriters want comfort letters as a part of their due diligence on the offering of public
securities. It provides evidence that they have tried to determine that the information is
valid and legitimate. Comfort letters are effectively a way to shift the risk if something
goes wrong away from themselves and to the auditors.
F2 What procedures are performed in a review of interim financial information of a
1. Primarily inquiry and analytical procedures
2. The auditor must establish an understanding with the client about the nature of the
services to be performed.
F3 Are public companies required to have their interim financial information
review? When are reviews performed?
Yes, public companies must have their interim information reviewed and the review must
be completed before the information is filed with the SEC.
F4 In what circumstances does the auditor performing a review of a public
company’s interim financial information have to issue a review report?
The auditor usually does not issue a review report, but may do so if the client wants one.
The SEC requires a written review report if the company makes some reference to the
review in one of its SEC filings.
F5 What is required of the auditor when a company offers securities for sale in a
A registration statement associated with the offering of securities to the public must
include financial statements and other financial information. The registration statement
must include the written consent of the accountants who were involved in preparing or
certifying any part of the registration statement. So, the auditors who issued an opinion
(or performed a review) on financial statements must provide a consent that it be used.