Chapter 21 Chapter 21 Assurance, Attestation, and Internal Auditing Services McGraw-Hill/Irwin Copyright © 2008 by The McGraw-Hill Companies, Inc. All rights reserved.
Chapter 21Chapter 21
Assurance, Attestation, and Internal Auditing Services
McGraw-Hill/Irwin Copyright © 2008 by The McGraw-Hill Companies, Inc. All rights reserved.
21-2
Assurance Services
Assurance services are independent
professional services that improve the
quality of information, or its context, for decision makers.
LO# 1
21-3
LO# 1
Assurance Services
21-4
LO# 1
Decision Model
21-5
Types of Assurance Services
Risk Assessment
Business Performance Measurement
Information System
Reliability
Electronic Commerce
Healthcare Performance
Measurement
PrimePlus
LO# 2
21-6
Attest Engagements
Attest services occur when a practitioner is engaged to issue or
does issue a report on subject matter, or an
assertion about subject matter, that is the responsibility of
another party.
LO# 3
21-7
LO# 3
Attest Engagements
21-8
Types of Attest Engagements
Attest Engagements
Examination
Review
Agreed-Upon
Procedures
LO# 4
21-9
Attestation Standards
Attestation Standards
General Fieldwork Reporting
LO# 5
21-10
General Standards
Adequate Technical Training & Proficiency
Adequate Knowledge of Subject Matter
IndependenceDue Professional
Care
Subject Matter Capable of Evaluation
LO# 5
21-11
Standards of Fieldwork
Adequate Planning & Supervised Assistants
Obtain Sufficient Evidence
LO# 5
21-12
Standards of Reporting
Identify Subject Matter or Assertion
State Conclusion
State Significant Reservations
Restricted Use of Report in Certain Circumstances
LO# 5
21-13
Reporting on an Entity’s Internal Control over Financial Reporting
The Federal Deposit Insurance Corporation Act of 1991 requires that the management of large financial institutions issue a report on the effectiveness of the
institution’s internal control and that they engage accountants to attest to management’s report.
The Sarbanes-Oxley Act of 2002 imposed similar requirements on all publicly held
companies.
LO# 6
21-14
Conducting an Engagement
Necessary Conditions
1. Management of the entity accepts responsibility for the effectiveness of the entity’s internal control.
2. The responsible party evaluates the effectiveness of the entity’s internal control using suitable criteria (referred to as control criteria).
3. Sufficient competent evidence exists or could be developed to support the responsible party’s evaluation.
4. Management provides to the practitioner its written assertion based on control criteria referred to in its report.
LO# 6
21-15
Financial Forecastsand Projections
Auditors have been asked to provide assurance with respect to prospective financial statements. The
practitioner can examine, apply agreed-upon procedures, or compile the prospective financial statements if such statements are expected to be
used by a third party.
LO# 7
21-16
LO# 7
Standard Forecast
21-17
LO# 7
Standard Projection
21-18
LO# 7
Agreed-Upon Procedures
21-19
LO# 7
Standard Compilation
21-20
Accounting and Review Services
Compilations Reviews
Many nonpublic businesses do not need an audit of their financial statements. However, these entities may employ a CPA to assist with preparing their
financial statements, tax returns, or other financial documents.
LO# 8
21-21
LO# 8
Levels of Assurance
21-22
Compilation of Financial Statements
A compilation is defined as presenting, in the form of financial statements, information that is the representation of management or owners
without expressing any assurance on the statements.
Compilation with Full
Disclosure
Compilation that Omits
Disclosures
Compilation when CPA
is not Independent
LO# 8
21-23
LO# 8
Compilation with Full Disclosure
21-24
LO# 8
Compilation Without Disclosures
21-25
Review of Financial Statements
A review is defined as the performance of inquiry and analytical procedures to provide the accountant with a reasonable basis for
expressing limited assurance that no material modifications should be made to the
statements in order for them to conform to GAAP (or other comprehensive basis of
accounting).
LO# 8
21-26
Review of Financial Statements
A Review Involves
1. Obtain knowledge of the accounting principles and practices of the industry and an understanding of the entity’s business.
2. Obtain a general understanding of the entity’s organization, its operating characteristics, and the nature of its assets, liabilities, revenues and expenses.
3. Ask the entity’s personnel questions.4. Perform analytical procedures. 5. Read the financial statements to determine if they conform to
GAAP.6. Obtain reports from other accountants, if any.7. Obtain a representation letter from management.
LO# 8
21-27
LO# 8
Standard Review
21-28
Conditions That May Result in Modification of a Compilation or
Review Report
Departure from GAAP
Going-Concern
Uncertainty
LO# 8
21-29
LO# 8
Review with GAAP Departure
21-30
Internal Auditing
Internal auditing is an independent, objective assurance and consulting activity designed to add value and
improve an organization’s operations.
It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate
and improve the effectiveness of risk management, control, and governance processes.
LO# 9
21-31
Institute of Internal Auditors (IIA) Standards
Standards and Ethics
Practice Advisories
Practice Aids
The IIA oversees and sets standards for internal auditing internationally.
LO# 9
21-32
IIA Code of Ethics
Principles
Integrity
Objectivity Confidentiality
Competency
LO# 9
21-33
Internal Auditors’ Roles
Evaluating Risks and Controls
Reviewing Compliance
Financial Auditing Operational Auditing
LO# 9
21-34
LO# 9
Internal Audit Function
21-35
Interactions between Internal and External Auditors
Some of the work performed
by internal auditors is
directly relevant to the
work of the independent
auditor.
Before relying on the work of
internal auditors, the
external auditor must evaluate
the internal auditors’
objectivity and competence.
LO# 9
21-36
Trust Services
Security
Availability
Processing Integrity
Online Privacy
Confidentiality
Five Principles Five Principles of Trust of Trust ServicesServices
LO# 10
21-37
WebTrust Services
CPA WebTrust
Assurance Servicesrelating to Electronic Commerce
LO# 11
21-38
SysTrust Services
SysTrust
Assurance Servicesrelating to Information Systems
LO# 12
21-39
PrimePlus Services
CPA PrimePlus Services
Consulting/Facilitating Services Direct Services
Assurance Services
LO# 13
21-40
End of Chapter 21