Business Assurance and Risk Management

Questions and Answers

What is the first step in the professional judgment framework of accounting and auditing?

• Document rationale for the professional judgment.
• Gather and evaluate the relevant evidence.
• Consider the possible alternatives. (correct)
• Reach an audit conclusion.

Which organization is responsible for the annual Hall of Fame voting process?

• Baseball Hall of Fame Board
• Major League Baseball Executive Office
• Baseball Writers' Association of America (correct)
• Professional Baseball Players Association

Who is responsible for verifying the eligibility of voters in the Hall of Fame voting process?

• EY, one of the largest audit firms (correct)
• The Sports Media Association
• Major League Baseball auditors
• Baseball Hall of Fame Management

What aspect of professional judgment must be carefully documented according to the framework?

Rationale for the professional judgment reached. (D)

Which type of service is NOT categorized under auditing and assurance services?

Human Resource Consulting (C)

What is the primary purpose of assurance services?

To improve the quality of information for decision makers (A)

Which of the following is NOT an element of assurance services?

Advisory recommendations (D)

What does information risk refer to?

The likelihood of information being false or misleading (D)

Which of the following is an example of an attestation engagement?

Examination of management’s discussion and analysis (C)

What is a common demand from users regarding information provided by companies?

Timeliness of information (C)

Which of the following best describes the relationship between assurance, attestation, and audit engagements?

Assurance services enhance the quality of information, while attestation focuses on assertions (D)

Which of the following is an assurance service?

Investment management policy evaluation (B)

What do users expect from third-party assessments of information?

Independent evaluation of reliability (D)

Which Big Four CPA firm has the highest total revenues?

Deloitte (D)

What percentage of EY's total revenue comes from auditing and assurance services?

34% (C)

Which service contributes the most to Deloitte's total revenue?

Advisory services revenues (A)

Which of the following services is prohibited by the Sarbanes-Oxley Act for audit clients?

Internal audit outsourcing (B)

What is the percentage of total revenue from tax services for PwC?

24% (D)

Which service provides the least revenue for KPMG?

Auditing and assurance services (C)

How much revenue does PwC generate from auditing and assurance services?

$17.0 billion (D)

Which of the following services is not included in the prohibited list by Sarbanes-Oxley for audit clients?

Auditing services (C)

What is the general educational requirement for a Certified Public Accountant (CPA)?

At least 150 semester hours (B)

How many years of experience is generally required for certification as a Certified Internal Auditor (CIA)?

2 years of internal auditing experience (A)

Which certification requires a bachelor’s degree or passing specific examinations such as CPA, CFA, CIA, or CFE?

Certified Management Accountant (CMA) (D)

What is the typical experience requirement for a Certified Information Systems Auditor (CISA)?

5 years of professional experience in information systems auditing (A)

For the Certified Fraud Examiner (CFE) certification, what is an alternative requirement if the educational prerequisites are not met?

Relevant professional experience may reduce education requirements (B)

What level of education is generally NOT required for the Certified Internal Auditor (CIA)?

Doctorate degree (B)

How does the experience requirement for the Certified Management Accountant (CMA) differ compared to that of the Certified Internal Auditor (CIA)?

CMA requires more experience (B)

What is an alternative to a degree for obtaining a Certified Public Accountant (CPA) certification?

Working under a licensed CPA (C)

What is one of the key focus areas of the Certified Public Accountant (CPA) exam coverage?

Auditing and attestation (A)

Which area is included in the Certified Internal Auditor (CIA) exam coverage?

Business knowledge of internal auditing (C)

What is a primary focus of the Certified Fraud Examiner (CFE) exam?

Fraud prevention and deterrence (A)

Which of the following is NOT covered in the exam for Certified Management Accountant (CMA)?

Auditing and attestation (A)

In which area does the Certified Information Systems Auditor (CISA) exam place significant emphasis?

Information systems operations and business resilience (D)

What is a unique component of the Certified Internal Auditor (CIA) exam compared to the CPA exam?

Essentials of internal auditing (C)

Which of the following topics is included in the exam coverage for Certified Fraud Examiner (CFE)?

Investigation of fraud schemes (A)

Which regulatory topic is part of the Certified Public Accountant (CPA) exam requirements?

Financial accounting and reporting (C)

What is the total number of questions included in the AUD section of the CPA exam?

72 multiple-choice questions and 8-9 task-based simulations (B)

Which skill has the highest weight allocation in the AUD section of the CPA exam?

Application (C)

In the new CPA exam structure proposed for 2024, which section is NOT included?

Financial Statement Analysis (C)

What is the weight allocation for the content area of 'Assessing Risk and Developing a Planned Response' in the AUD section?

25-35% (A)

Which of the following skill categories has the least weight in the AUD section?

Evaluation (D)

How many hours are allotted for completing the AUD section of the CPA exam?

4 hours (D)

Which of the following statements about the CPA exam changes in 2024 is true?

New sections will be introduced to the exam. (A)

What is the weight allocation for the content area of 'Forming Conclusions and Reporting' in the AUD section?

10-20% (D)

Flashcards

Audit conclusion

The final judgment reached by an auditor after evaluating evidence.

Professional judgment

The careful, reasoned decision-making process used in auditing.

Relevant evidence

Information directly related to the audit issue being considered.

Hall of Fame vote verification

Independent verification of eligible voters and accurate vote count.

Audit rationale

Clear explanation of the reasoning behind audit conclusions.

Information Risk

The probability that information circulated by a company is inaccurate or misleading.

Assurance Services

Independent professional services that improve information quality for decision-makers.

Assurance Elements

Key components of assurance, including independence, professional service, and improving information quality.

Attestation Engagement

A service where a professional examines if management claims about a subject matter are trustworthy.

Financial Attestation

An attestation engagement focusing on financial statements or related information (e.g., forecasts).

Business Risk

Risk that a company might fail to achieve its goals.

User Demand

People's need for reliable, timely, and accurate information from remote sources.

Cybersecurity Risk Assessment

An assurance service for evaluating cybersecurity threats for decision-makers.

Big Four CPA Firms Revenues

Deloitte, EY, KPMG, and PwC reported total revenues in billions for 2021.

Auditing and Assurance Services

One of the key service provided by Big Four firms, revenue generation segment of their business.

Tax Revenues

Another important service of the Big Four CPA firms.

Advisory Services

Consulting type services, often for strategic advice and support.

Sarbanes-Oxley Act Prohibitions

Limits the services that accounting firms can provide to their audit clients to reduce conflicts of interest.

Prohibited Bookkeeping Services

Auditing firms cannot do bookkeeping for clients they audit

Prohibited Financial Systems Design

Audit firms cannot create, implement or redesign financial IT systems for audit clients.

Prohibited Legal Services

Auditing firms cannot provide legal support beyond the actual audit work.

CPA (Certified Public Accountant)

A professional accountant who has met specific education and experience requirements and passed a rigorous exam. They provide a range of services like auditing, tax preparation, and financial consulting.

CISA (Certified Information Systems Auditor)

A professional who has expertise in information systems auditing, control, and security. They help organizations assess and manage risks related to their IT infrastructure.

CIA (Certified Internal Auditor)

A professional who conducts internal audits to evaluate an organization's operations, risk management, and control procedures.

CFE (Certified Fraud Examiner)

A professional trained to detect, investigate, and deter fraud. They possess expertise in fraud prevention, detection, and investigation.

CMA (Certified Management Accountant)

A professional who specializes in management accounting, which involves analyzing financial data to support decision-making and planning.

Education Requirements for CPAs

Specific education requirements vary by state. Typically, it involves 150 hours of coursework, often including a bachelor's degree in accounting.

Experience Requirements for CPAs

CPAs typically need 1-2 years of professional experience working under a licensed CPA, but this can vary by state.

Common Experience Requirements for Certifications

Many certifications require a minimum of 2 years of relevant professional experience. However, some certifications accept substitutions, such as a master's degree, or waivers.

CPA Exam Sections

The CPA exam is divided into four sections: Auditing and Attestation (AUD), Business Environment and Concepts (BEC), Financial Accounting and Reporting (FAR), and Regulation (REG).

Task-Based Simulations

These simulations test higher-order skills, such as analysis, judgment, and communication, by requiring candidates to apply knowledge in a real-world context.

CPA Exam Weighting (AUD)

The AUD section focuses on areas like ethics, risk assessment, evidence gathering, and reporting, with varying weights assigned to each.

CPA Exam Skills (AUD)

The AUD section assesses skills like evaluation, analysis, application, and remembering and understanding accounting concepts.

CPA Exam Changes (2024)

The CPA exam is being revised to include three new sections: Business Analysis and Reporting (BAR), Information and Systems Control (ISC), and Tax Compliance and Planning (TCP).

CPA Evolution

This initiative aims to modernize the CPA licensure model, focusing on skills and knowledge relevant to today's business environment.

What is BAR?

The Business Analysis and Reporting (BAR) section will assess knowledge related to business analysis, reporting, problem-solving, and decision-making.

What is ISC?

The Information and Systems Control (ISC) section will focus on internal controls, data management, cybersecurity, and information technology.

Certified Public Accountant (CPA)

A professional accounting designation requiring education, experience, and passing a rigorous exam. CPAs provide auditing, tax, and advisory services to businesses and individuals.

Certified Information Systems Auditor (CISA)

A certification for professionals who audit, control, and govern information systems. They ensure the security, integrity, and effectiveness of IT systems.

Certified Internal Auditor (CIA)

A certification for professionals who audit internal processes within an organization. They assess risks, improve efficiency, and ensure compliance with regulations.

Certified Fraud Examiner (CFE)

A certification for professionals who investigate and prevent fraud. They identify red flags, analyze evidence, and work with law enforcement.

Certified Management Accountant (CMA)

A certification for professionals who focus on strategic financial planning, performance analysis, and decision-making within organizations.

What is the purpose of a Certified Public Accountant?

To provide assurance and expertise in financial reporting, auditing, tax preparation, and consulting for businesses and individuals.

What is the difference between a CISA and a CIA?

A CISA focuses on the security and integrity of information systems, while a CIA audits internal processes and controls within an organization.

How does a Certified Fraud Examiner help businesses?

By investigating and preventing fraud, identifying red flags, analyzing evidence, and collaborating with law enforcement.

Study Notes

User Demand for Reliable Information

• Business risk is the risk an entity will fail to meet its objectives.
• Today's environment is complex with information demanded by remote users and in a timelier manner, having far-reaching consequences.
• Information risk is the probability that information circulated by a company will be false or misleading.
• Users demand independent third-party assessments of the information.

Relationships Among Assurance, Attestation, and Audit Engagements

• Assurance engagements are a broader category encompassing attestation engagements.
• Attestation engagements are a service where a practitioner examines whether management's assertions about a subject matter can be relied upon.
• Financial statement audit engagements are a type of attestation engagement.

Assurance Services

• Assurance services are independent professional services that improve information quality or context for decision-makers.
• Examples include cybersecurity risk assessment, XBRL reporting, investment management policy evaluation, internal audit outsourcing, and fraud prevention.

Assurance Elements

• Independence is crucial, eliminating conflicts of interest.
• Professional service relies on education and experience.
• Improving information quality is the key objective.
• Relevance and reliability/credibility reflect the usefulness and trustworthiness of the information.
• Services benefit decision-makers, the beneficiaries.
• Assurance focuses on using information for decision-making, not providing recommendations.

Attestation Engagements

• Attestation engagements, as defined by the AICPA, examine whether assertions made about a subject matter are reliable.
• These engagements can cover financial forecasts/projections, examination of management discussion and analysis, and pro-forma financial information.
• They can also include non-financial aspects like internal control system effectiveness, environmental compliance, and sustainability reporting.

AAA Definition of Financial Statement Auditing

• Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the correspondence between the assertions and established criteria.
• Auditors communicate their findings to interested users (e.g., creditors, investors).
• GAAP and generally accepted auditing standards are relevant concepts.

Audits

• Audits are logical, not haphazard, processes focused on collecting and evaluating evidence.
• Management assertions about activities and balances form the basis of financial statements.
• The audit's goal is to provide an opinion on whether the financial statements fairly present their subject matter in accordance with an applicable financial reporting framework.
• This enhances user confidence and is based on GAAS and ethical requirements.

Sarbanes-Oxley Act of 2002

• Management is responsible for financial reporting.
• Key officials (CEO and CFO) must certify financial statements, stating they are truthful, without false/misleading elements, and accurately depict the company's financial condition.

Sarbanes-Oxley and Management's Responsibility for Financial Reporting

• Management must assert the effectiveness of internal controls over financial reporting.
• Auditors assess internal controls and issue an attestation report (Section 404) to guarantee these controls are correctly designed and function effectively.

Management Financial Statement Assertions (PCAOB)

• Existence/occurrence asserts asset and liability existence and valid transactions occurred.
• Completeness ensures all balances/transactions are recorded in the financial statements.
• Valuation/allocation signifies valuation according to GAAP.
• Rights and obligations confirm the entity's ownership/responsibility for reported assets/liabilities.
• Presentation/disclosure dictates correct presentation in financial statements and footnotes.

Management's Financial Statement Assertions (ASB)

• Assertions about classes of transactions ensure events are valid.
• Cutoff mandates correct period recording of transactions.
• Completeness means all transactions are recorded in the proper period.
• Accuracy ensures transactions are recorded correctly.
• Rights and obligations confirm entity ownership/responsibility (similar to PCAOB assertion).
• Classification ensures proper account posting.
• Presentation mandates GAAP-compliant disclosures.

Management Assertions

• PCAOB and ASB assertions about classes of transactions and events, and related disclosures (occurrence, cutoff, completeness, accuracy, rights/obligations, classification, presentation).
• Assertions about account balances and related disclosures (existence, completeness, accuracy/allocation, rights/obligations, presentation).

Professional Skepticism

• Professional skepticism involves a critical approach to evidence.
• Inquiry alone isn't enough, requiring corroborating evidence.
• Unusual financial trends warrant further investigation.
• Documents should be thoroughly checked and verified.
• Auditors should ask questions, get answers, and verify solutions.
• Potential conflicts of interest between the auditor and the client necessitate skepticism in audits.

A Professional Judgment Process

• A structured five-step professional judgment process clarifies issues and objectives, considers possible alternatives, gathers evidence, reaches audit conclusions, and documents the rationale for the chosen conclusion.

Public Accounting Services

• Public accounting services encompass auditing and assurance services, including financial statement audits, non-audit/attestation engagements, compilations, reviews, tax services, and advisory services.

Baseball Hall of Fame

• The Baseball Writers' Association of America (BBWAA) conducts the Hall of Fame vote.
• An external audit firm (e.g., EY) verifies voter eligibility and voting process accuracy.

Public Accounting Firm Organization

(Illustrative organizational charts)

• A typical structure shows a hierarchical arrangement from Chair and CEO to partnering, managerial, senior, and staff levels across various service areas within the firm.

Revenues for the Big Four CPA Firms

(Data in billions of dollars)

• Revenues for Deloitte, EY, KPMG, and PwC are presented, specifying auditing and assurance, tax, and advisory services revenues, expressed both in absolute amounts and as percentages of total revenue.

Prohibited Professional Services

• Sarbanes-Oxley prohibits certain non-audit services for audit clients, including bookkeeping, financial information system design/implementation, appraisal/valuation services, actuarial services, internal audit outsourcing, management/human resources services, investment/broker/dealer services, and unrelated legal/expert services.

No Audit?

• Tax consulting on aggressive tax law interpretations or certain listed transactions is prohibited.
• Contingent fees are prohibited, as are tax services for executives.
• However, corporate tax returns are generally allowable.

Is There Room for Public Accounting Firms?

• Some predict public accounting firms expanding into legal services.
• The American Bar Association encourages examining non-lawyer firm ownership.
• The Big 4 are expanding into legal service delivery; however, rigorous regulatory issues, including independence checks, persist.

Learning Objectives (Chapter 1)

• Internal auditing, governmental, and operational auditing are covered.
• Describing audits and auditors in these areas is a primary objective.
• Requirements for becoming a CPA (Certified Public Accountant) and other accounting professional certifications are addressed.

Become a Professional and Get Certified!

• Education requirements (150 hours or more) and an examination are mandatory.
• At least one year of public or two years of private-sector experience is necessary.
• A state certificate/license is required.
• Relevant skill sets and education combine to complete requirements.

Certification Requirements

• Certification requirements vary by certification type (CPA, CISA, CIA, etc.)
• Education (degree requirements), experience (public/private sector or relevant), and examinations (specific content) are all pivotal elements.

Uniform CPA Examination

• The Uniform CPA exam comprises four sections: Auditing and Attestation (AUD), Financial Accounting and Reporting (FAR), Regulation (REG), and Business Environment and Concepts (BEC).
• Each section has a specific format with multiple-choice and task-based simulations.

Auditing and Attestation Section (AUD)

• The AUD section focuses on ethics, professional responsibilities, risk assessment, audit procedures, obtaining evidence, and forming audit conclusions.
• Specific knowledge and application of specific skills form the foundation for this section.

The New Uniform CPA Examination

• New sections are anticipated for the 2024 CPA exam (Business Analysis and Reporting (BAR), Information and Systems Control (ISC), and Tax Compliance and Planning (TCP)), signifying a broader focus and structure.