Assurance, Attestation, and Internal Auditing Services · Chapter 21 Assurance, Attestation, and...

Chapter 21
Assurance, Attestation, and Internal Auditing Services

Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Assurance Services

Assurance services are independent professional services that improve the quality of information, or its context, for decision makers.

LO# 1

LO# 1

Assurance Services

LO# 1

Decision Model

Types of Assurance Services

• Risk Assessment
• Business Performance Measurement
• Information System Reliability
• Electronic Commerce
• Health Care Performance Measurement
• PrimePlus

LO# 2

Attest Engagements

Attest services occur when a practitioner is engaged to issue, or does issue, an examination, a review, or an agreed-upon procedures report on subject matter, or an assertion about subject matter, that is the responsibility of another party.

LO# 3

LO# 3

Attest Engagements

Figure 21-3

Types of Attest Engagements

Attest Engagements:
• Examination
• Review
• Agreed-Upon Procedures

LO# 4

Attestation Standards

• General
• Fieldwork
• Reporting

LO# 5

General Standards

• Adequate Technical Training & Proficiency
• Adequate Knowledge of Subject Matter
• Independence
• Due Professional Care
• Subject Matter Capable of Evaluation

LO# 5

Standards of Field Work

• Adequate Planning & Supervised Assistants
• Obtain Sufficient Evidence

LO# 5

Standards of Reporting

• Identify Subject Matter or Assertion
• State Conclusion
• State Significant Reservations
• Restricted Use of Report in Certain Circumstances

LO# 5

Reporting on an Entity’s Internal Control over Financial Reporting

The Federal Deposit Insurance Corporation Improvement Act of 1991 requires that the management of large financial institutions issue a report on the effectiveness of the institution’s internal control and that they engage accountants to attest to management’s report.

The Sarbanes-Oxley Act of 2002 imposed similar requirements on all publicly held companies.

LO# 6

Conducting an Engagement to Report on ICFR

Necessary Conditions

1. Management of the entity accepts responsibility for the effectiveness of the entity’s internal control.
2. The responsible party evaluates the effectiveness of the entity’s internal control using suitable criteria (referred to as control criteria).
3. Sufficient appropriate evidence exists or could be developed to support the responsible party’s evaluation.

LO# 6

Financial Forecasts and Projections

CPAs can be engaged to examine, apply agreed-upon procedures, or compile the prospective financial statements if such statements are expected to be used by a third party.

LO# 7

LO# 7

Standard Report on a Forecast

Exhibit 21-1

LO# 7

Standard Report on a Projection

Exhibit 21-2

LO# 7

Report on Agreed-Upon Procedures

Exhibit 21-3

LO# 7

Standard Report on a Compilation

Exhibit 21-4

Accounting and Review Services

• Compilations
• Reviews

Many nonpublic businesses do not choose to contract for an audit of their financial statements. However, these entities often employ a CPA to assist with preparing their financial statements, tax returns, or other financial documents.

LO# 8

LO# 8

Levels of Assurance

Figure 21-4

Compilation of Financial Statements

A compilation is defined as presenting, in the form of financial statements, information that is the representation of management or owners without expressing any assurance on the statements.

• Compilation with Full Disclosure
• Compilation that Omits Disclosures
• Compilation when CPA is not Independent

LO# 8

LO# 8

Report on a Compilation with Full Disclosure

Exhibit 21-5

Review of Financial Statements

A review is defined as the performance of inquiry and analytical procedures to provide the accountant with a reasonable basis for expressing limited assurance that no material modifications should be made to the statements in order for them to conform to the applicable financial reporting framework (e.g., GAAP).

LO# 8

Review of Financial Statements

1. Obtaining knowledge of the accounting principles and practices of the industry in which the entity operates.
2. Obtaining a general understanding of the entity’s organization, its operating characteristics, and the nature of its assets, liabilities, revenues, and expenses.
3. Obtaining an understanding of the accounting principles and practices used by the entity in measuring, recognizing, recording, and disclosing all significant accounts and disclosures in the financial statements.
4. Asking the entity’s personnel about important matters.
5. Performing analytical procedures.
6. Reading the financial statements to determine if they conform to the applicable reporting framework.
7. Obtaining reports from other accountants, if any.
8. Obtaining a representation letter from management.

LO# 8

LO# 8

Standard Report on a Review Engagement

Exhibit 21-6

Conditions That May Result in Modification of a Compilation or Review Report

• Departure from GAAP
• Going-Concern Uncertainty

LO# 8

LO# 8

Modified Review Report with GAAP Departure

Exhibit 21-7

Internal Auditing

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.

It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

LO# 9

Institute of Internal Auditors (IIA) Standards

Mandatory guidance
• Definition of internal auditing
• Code of ethics
• Standards

Strongly recommended guidance
• Position papers
• Practice advisories
• Practice guides

The IIA oversees and sets standards for internal auditing internationally.

LO# 9

IIA Code of Ethics

Principles:
• Integrity
• Objectivity
• Confidentiality
• Competency

LO# 9

Internal Auditors’ Roles

• Evaluating Risks and Controls
• Reviewing Compliance
• Financial Auditing
• Operational Auditing

LO# 9

LO# 9

Internal Audit Function

Figure 21-5

Interactions between Internal and External Auditors

Some of the work performed by internal auditors is directly relevant to the work of the independent auditor.

Before relying on the work of internal auditors, the external auditor must evaluate internal auditors’ objectivity and competence.

LO# 9

Trust Services

Five Principles of Trust Services:
• Security
• Availability
• Processing Integrity
• Privacy
• Confidentiality

LO# 10

Trust Services

Service Organization Control reports:
• SOC 1 – used by the auditors of several different clients
• SOC 2 – restricted use only
• SOC 3 – general use report

LO# 10

WebTrust Services

CPA WebTrust

Assurance Services relating to Electronic Commerce

LO# 10

SysTrust Services

LO# 10

SysTrust

Assurance Services relating to Information Systems

PrimePlus Services

CPA PrimePlus Services:
• Consulting/Facilitating Services
• Direct Services
• Assurance Services

LO# 10

End of Chapter 21
