Want to sign up and start contributing? Head over to our subreddit at https://www.reddit.com/r/CPAEXAM to get the sign-up code needed.

AUD: Difference between revisions

From WikiCPAExam
Jump to navigation Jump to search
Line 645: Line 645:


==Auditor's Report==
==Auditor's Report==
=== Report Layout ===
Due to Wiki's basic formatting options, there's currently no good way to show the various reports on here. See the report tabs at the excel file below for coverage of the report language specifics
[[file:AUD_excel.xlsx]]
===Add On Paragraphs ===
===Add On Paragraphs ===
There are specific situations that could be tested on. Those are:
There are specific situations that could be tested on. Those are:
Line 656: Line 663:
[[file: AddOnParagraphs.png]]
[[file: AddOnParagraphs.png]]


=== Report Layout ===


Due to Wiki's basic formatting options, there's currently no good way to show the various reports on here. See the report tabs at the excel file below for coverage of the report language specifics


[[file:AUD_excel.xlsx]]
=== Special Purpose Framework ===
 
The accrual basis is used under GAAP. If another basis is used, it requires an Emphasis-of-Matter paragraph be added to the Auditor's report.
 
Non-Accrual methods are called '''Other Comprehensive Bases of Accounting (OCBOA)''' and consist of :
# Cash Basis
# Tax Basis
# Regulatory Basis
# Contractual Basis
# Any Other Basis


==Government Audits==
==Government Audits==

Revision as of 17:18, 31 December 2023

Types of Engagements

There are 5 different types of Engagements:

  • Preparation
  • Compilation
  • Review
  • Audit
  • Agreed-Upon Procedures
Types of Engagements
Preparation Compilation Review Audit Agreed-Upon Procedures
Type Non-Attest Non-Attest Attest Attest Attest
Assurance Provided
RedX.png
RedX.png
Limited Assurance
GreenCheckmark.png
GreenCheckmark.png
Independence
RedX.png
Not required, but must state lack of independence in compilation report
GreenCheckmark.png
GreenCheckmark.png
GreenCheckmark.png
Report Issued?
RedX.png
GreenCheckmark.png
GreenCheckmark.png
GreenCheckmark.png
GreenCheckmark.png
Requires CPA Signature?
RedX.png
GreenCheckmark.png
GreenCheckmark.png
GreenCheckmark.png
GreenCheckmark.png
Notes to Financial Statements Required?
RedX.png
RedX.png
GreenCheckmark.png
GreenCheckmark.png
GreenCheckmark.png

Who Makes The Rules?

Before we begin, it's important to understand that there are two types of companies:

  1. Public companies = are open for the public to invest in and trade shares on a stock exchange
  2. Non-Public companies = are not open to public and shares do not trade on a stock exchange.

Public companies may also be referred to as issuers, and non-public companies may be referred to as non-issuers. Before the enactment of the Sarbanes-Oxley Act of 2002 (SOX), the auditing profession was largely self-regulated, with the American Institute of Certified Public Accountants (AICPA) playing a key role in setting standards for audits. However, in the wake of major corporate scandals in the early 2000s, the Public Company Accounting Oversight Board (PCAOB) was established by congress through SOX and they now set the standards for public companies.

Public Companies (Issuers)

Today, the PCAOB sets the standards for public companies, while the AICPA still sets the standard for the non-public companies. In research, it is unclear what standards are used for engagements of public companies outside of the Auditing Standards (AS), which are used for audits of public companies. For testing purposes, whenever it asks about a public company, PCAOB standards apply.

SOX Rules
# To Remember Description
1 * PCAOB inspection is required every year for audit firms with 100 or more audits in a year.
* If an individual is going from the audit firm to the client as a CEO, CFO, controller, chief accounting officer, or equivalent, the audit firm is ineligible to perform the audit for 1 year after the final day of the individuals employment at the audit firm (a.k.a "Cooling-Off Period").
3 * PCAOB inspection is required every 3 years for audit firms with 99 or fewer audits in a year.
5 * The lead and reviewing audit partners must rotate off the audit every 5 years. They must remain out for 5 more years before re-joining.
* Under law, auditors must retain their working papers for at least 5 years. Criminal penalties if not.
7 * All audit partners other than lead and review partners must rotate off the audit every 7 years. They must remain out for 2 years before re-joining.
* Auditors must retain their audit working papers for at least 7 years. If disposed of before 7 years, punishment depends on whether it was held for 5 years or not. Under 5 are criminal penalties, over 5 AICPA sanctions.

Non-Public Companies (Non-issuers)

For non-public companies, the AICPA standards apply. The AICPA standards are broadly referred to as Generally Accepted Auditing Standards (GAAS). There are 2 rulemaking bodies within the AICPA that are on the exam.

  • AICPA's Auditing Standard Board (ASB) = Handles reviews, audits, and agreed-upon procedures of both financial statement related engagements (SAS standards) and non-financial statement engagements (SSAEs standards).
  • AICPA's Accounting and Review Services Committee (ARSC) = Handles preparation, compilations, and reviews of financial statements.

There are 3 sets of standards that are needed for the test:

  • Statements on Auditing Standards = SASs = issued by Auditing Standards Board for audits of financial statements for non-public companies.
  • Statements on Standards for Accounting and Review Services = SSARSs = apply to preparations, compilations, and reviews of nonissuers' financial statements.
  • Statements on Standards for Attestation Engagements = SSAE = applies to engagements outside of financial statements.

Standards Flowchart.png

Assertions That Management Can Make

Management makes assertions about the financial statements. It is up to the auditor to test whether those assertions are correct or not.

There are 8 Relevant Assertions that management can make. Those are:

Crocodile Cape.jpg
Relevant Assertions
Balance Sheet Assertions Income Statement Assertions
Completeness
GreenCheckmark.png
GreenCheckmark.png
Accuracy
GreenCheckmark.png
GreenCheckmark.png
Presentation
GreenCheckmark.png
GreenCheckmark.png
Existence
GreenCheckmark.png
RedX.png
Cutoff
RedX.png
GreenCheckmark.png
Rights / Obligations
GreenCheckmark.png
RedX.png
Occurrence
RedX.png
GreenCheckmark.png
Classification
GreenCheckmark.png
GreenCheckmark.png

Helpful Mnemonics:

  • CAPE CROC
  • Balance Sheet items Exist, Income Statement items Occur.

Engagement

There's no real step-by-step guide, but here are the general steps of an attestation engagement:

  1. Acceptance
  2. Planning
  3. Risk Assessment
  4. Performing Further Audit Procedures
  5. Evaluating Testing Results

There are certain things that are performed not at any one particular step, but rather are constantly considered and re-visited as needed throughout the attestation engagement. Those are:

  • Audit Strategy
  • Audit Plan
  • Determining Materiality
  • Monitoring Independence

Step 1: Acceptance

The formal acceptance of an engagement is with the signing of an Engagement Letter. This is written by the auditor and signed by the client. The Engagement Letter is signed for all 5 types of engagements.

There are 5 sections of the letter:

  • Objective and Scope of the Engagement
  • Responsibilities of the Auditor
  • Responsibilities of Management
  • Other Relevant Information
  • Reporting Section (What will be issued)

Below is a chart that has the terminology that could be used on the exam when asking where responsibility lies. Most of these terms are very difficult to understand, and some mean the same thing. These terms are explained in later steps.

Items each party is responsible for...
Management is Responsible for... CPA is responsible for...
Preparation and fair presentation of financials in accordance with GAAP. Conduct the engagement in accordance with applicable standards (ex. GAAS)
Financials are free of material misstatements Identify and assess the risk of material misstatement
Design, implementation, and maintenance of internal controls Obtain an understanding of internal controls
Unrestricted access to people and information Obtain an understanding of the entity and its environment
--- Design and perform Further Audit Procedures
--- Obtain audit evidence that is sufficient to provide an opinion.


EngagementLetter.png

Step 2: Planning: Audit Strategy and Audit Plan

Planning the Audit consists of:

  1. Establishing the overall Audit Strategy, and
  2. Developing the Audit Plan. [1]

Planning is a continual process that begins shortly after the completion of the previous audit and continues until the completion of the current audit engagement. [2] AU-C 300.A11 states that "The audit strategy and audit plan are not necessarily discrete or sequential processes". It also states that they are "interrelated" and that "changes in one may result in consequential changes to the other." [3] The auditor should update and change both the audit strategy and audit plan during the course of the audit as necessary. [4]

AICPA standards notes:

  • The Audit Plan is more detailed and formal than the Audit Strategy. [5]
  • The Audit Strategy and Audit Plan are "interrelated" and that "changes in one may result in consequential changes to the other." [6]
Planning
Audit Strategy Audit Plan
Selection of Engagement Team
GreenCheckmark.png
RedX.png
Determining Allocation and Deployment of Resources
GreenCheckmark.png
RedX.png
Determine Nature, Timing, and Extent of Risk Assessment Procedures
RedX.png
GreenCheckmark.png
Determine Nature, Timing, and Extent of Further Audit Procedures
RedX.png
GreenCheckmark.png

Step 3: Risk Assessment

ObtainAnUnderstanding.png

The overall goal of the audit is to reduce Audit Risk to an acceptably low level. To do this, the auditor must assess the risk of material misstatement (RMM). The test will also refer to this step as "Obtaining the Understanding of the Client" or just "obtaining an understanding". The auditor is assessing two types of risk here:

  • Inherent Risk
  • Control Risk

Audit Risk Model

Audit Risk Model.png
Audit Risk Model
Type of Risk Definition Example / Formula Can CPA Control?
Inherent Risk [7] Risk that a misstatement could exist before considering client's internal controls Petty cash has a high inherent risk due to the inherent ease to steal cash.
RedX.png
Control Risk [7] Risk that misstatement will not be caught by the client's controls Controls that are poorly designed or insufficient have a high control risk.
RedX.png
Detection Risk [7] Risk that the procedures performed by the auditor will not detect misstatements. More accurate term would be "non-detection risk" The more procedures performed, the lower the detection risk
GreenCheckmark.png
Risk of Material Misstatements [7] Whenever you see this term, you should read it as "assessing inherent risk and control risk" Inherent Risk + Control Risk.
RedX.png
Audit Risk [7] Risk that the auditor expresses an inappropriate positive opinion on financial statements that are actually materially misstated. More accurate term would be mis-audit risk. Inherent Risk + Control Risk + Detection Risk
GreenCheckmark.png

Since both Inherent Risk and Control Risk are not controlled by the auditor, the auditor must determine the risk level that exists for each. The auditor determines this by performing the following procedures:

  • Perform Risk Assessment Procedures [8]
    • Inquiries to management, internal audit, and others, both within and outside of the entity, who could assist in assessing inherent and control risk (a.k.a. RMM).
    • Observations
    • Inspection
  • Understand nature of the client: business operations, investment and financing activities, ownership structure, and governance structure. [8]
  • Understand external factors: Industry conditions & government regulations that affect the entity. [8]
  • Understand operating strategy. [8]
  • Understand financial performance. [8]


The risk assessment determines the nature, timing, and extent of Further Audit Procedures.
Part of risk assessment is evaluating the design of internal controls and determining whether they have been implemented. This can also be termed "Gaining an Understanding of Internal Control"
The auditor is not yet assessing the effectiveness of internal controls. That will be performed in the next step.
The risk of assessing control risk too low is the auditor's biggest fear, as this could lead to providing incorrect assurance.
Once we understand the RMM, we can set the detection risk, so that the Audit Risk will be at an acceptably low level. Setting the detection risk can be thought of as "how much work will we have to do".

Step 4: Performing Further Audit Procedures

"Further Audit Procedures" is the term provided by the AICPA, but we can think of it as "performing audit procedures." After we've made our initial assessment about inherent and control risk, we can begin designing and performing the audit procedures. There are two types of Further Audit Procedures:

  • Substantive Procedures
  • Test of Controls

File:FurtherAuditProcedures.png

Test of Controls

If we determined in the Risk Assessment phase that controls were designed well and are currently functioning at the client, we may rely on those controls to avoid having to perform substantive procedures. To what extent we can rely on the control depends on how effective we judge the control to be at preventing, detecting, and/or correcting a material misstatement.

Internal Controls
Risk Assessment Phase Further Audit Procedures Phase
Evaluating Design of Control
GreenCheckmark.png
RedX.png
Determining if they have been Implemented
GreenCheckmark.png
RedX.png
Determining Operational Effectiveness
RedX.png
GreenCheckmark.png

To test the effectiveness of controls, the auditor will do the following:

  • Make inquiries
  • Make inspections
  • Make Observations
  • Reperformance
  • Perform Recalculation
  • Attribute Sampling (only when controls are relied on heavily)

The auditor is not required to do all of the above, but must do more than just make inquires. Inquiries alone are not sufficient to determine effectiveness.
For private companies (a.k.a. "non-issuers"), the auditor is NOT required to attest to internal control effectiveness unless management requests and auditor agrees.
For publicly traded companies (a.k.a. "issuers"), the auditor is required to report on the effectiveness of internal controls.

Substantive Procedures

Substantive Procedures are performed to detect material misstatements. There are 2 types:

  • Test of Details
  • Analytical Procedures
Analytical Procedures

This is sometimes referred to as "Substantive Analytical Procedures". Analytical Procedures is simply using numbers and ratios to determine whether the balances are in line with expectations or not. The expectation can come from:

  • Industry expectation
  • Prior period or interim period financials.
  • Budgets and forecasts
  • Expected relationships.

Analytical procedures should be performed on high volume, relatively predictable transactions.
Analytical procedures alone may be sufficient to reduce Audit Risk to an acceptably low level. This means in certain situations, applying Analytical Procedures can avoid having to perform Test of Details.

Test of Details

Due to the amount of details, this has been given it's own section. Scroll down to find.

Test of Details

Test of Details are procedures performed to obtain evidence regarding the "relevant assertions" provided by management. Relevant assertions is a term that encompasses everything management is asserting and having the auditor review. For example, when the client gives the auditor their financial statements, one assertion that management is making is that the balances are accurate. It is up to the auditor to collect evidence and form an opinion on the accuracy of that assertion. Exactly what tests are done depends on:

  • The type of engagement: An audit would involve more extensive work than a review.
  • The assertions that are made: Different tests are applied for each assertion.
  • The accounts being reviewed (a.k.a. "cycles"): There are 3 general cycles covered:
    • The Revenue and Sales Cycle
    • The Purchases and Inventory Cycle
    • The Payroll Cycle

Because it would be inefficient to test all 100% of the activity, sampling is typically done. Tests of Detail are then performed on the sample to obtain reasonable assurance.

Internal Controls
Procedure Timing Sampling Size
High Risk of Material Misstatement End of year or at unpredictable times
GreenUpArrow.png
Low Risk of Material Misstatement Before end of year (interim date)
RedDownArrow.png

Sampling and Performing Tests

Steps for Sampling:

1. Consider the purpose of the audit procedures [9]

  • Determining materiality levels for a deviation/misstatement [10]

2. Identify the population from which the sample will be taken from

As the rate goes... The sample size goes...
Sampling Risk
RedDownArrow.png
GreenUpArrow.png
Tolerable Deviation Rate
RedDownArrow.png
GreenUpArrow.png
Expected Deviation Rate
RedDownArrow.png
RedDownArrow.png
  • Determine expected rate of deviation. [11]
    • Based on auditor's professional judgement.
    • The amount will likely be provided in the problem.
  • Determine the tolerable rate of deviation.
    • Based on the auditor's professional judgement.
    • The amount will likely be provided in the problem.

3. Determine acceptable levels of sampling risk

Sampling Risk Confidence Level Sample Size
Less Sampling Risk
RedDownArrow.png
GreenUpArrow.png
GreenUpArrow.png
More Sampling Risk
GreenUpArrow.png
RedDownArrow.png
RedDownArrow.png
  • Sampling Risk = 1 - Confidence Level
  • The lower the sampling risk, the higher the confidence interval.

4. Determine sample size

5. Choose the sample selection method.

6. Perform auditing procedures on sample.

  • Types of Variable Sampling Methods

7. Evaluate results.

8. Document the work performed and results obtained in the working papers.

Risk Types: Sampling Risk vs. Non-Sampling Risk

Sampling & Non-Sampling Risk
Sampling Risk Non-Sampling Risk
Definition Risk that auditor's conclusion from the sample is different than the conclusion that would've been reached if the entire population was tested. Risk that wrong conclusion is reached from something other than sampling.[12]
Think of as... When the auditor does everything right, but the sample results lead you to an incorrect conclusion. When the auditor makes an error with sampling.
Examples None Provided (1) Auditor applies inappropriate procedure
(2) Auditor misinterprets audit evidence
(3) Auditor fails to recognize misstatements or control deviations. [13]

With sampling risk, the questions will probably focus on the two types of wrong conclusions that can be drawn:

  • Audit Efficiency Error
  • Audit Effectiveness Error
Affects of Wrong Conclusions from Sampling
Audit Efficiency Error Audit Effectiveness Error
Synonym Unnecessary Audit Effort Potential Audit Failure
Definition Sample test results indicates issues when there actually are none. [12] Sample test results indicate there are no issues when there actually are.[12]
Result Additional unnecessary audit procedures. The lack of indication can lead to giving a wrong opinion. Most serious.
What does "issues" mean? (1) For tesing controls, an issue means the control is not working correctly.
(2) For testing of details (a.k.a. testing an account balance), an issue would be a material misstatement.[12]

Sampling Approach, Types, and Methods

Sampling Approach.png

Sampling Approaches: Statistical vs. Non-Statistical
Statistically Non-Statistically
Key Word(s)* Scientifically, Statistically, Quantify Subjective Judgement
Determine Sample Size GreenCheckmark.png (See Key Words) GreenCheckmark.png (See Key Words)
Make Sample Selections GreenCheckmark.png (See Key Words) GreenCheckmark.png (See Key Words)
Design an Efficient Sample
GreenCheckmark.png
RedX.png
Measure Sufficiency of Evidence
GreenCheckmark.png
RedX.png
Evaluate Sample Results
GreenCheckmark.png
RedX.png
Ability to Measure Confidence Level
GreenCheckmark.png
RedX.png
Ability to Measure Precision
GreenCheckmark.png
RedX.png

* Key Term(s) are terms that the questions will use to describe each approach.

Delegating Work

The auditor can delegate tasks by using the work of:

  • Internal Auditors
  • Service Auditors
  • Specialists

When using the work of someone else, the auditor must ensure the following:

Requirements for Reliance on Others
Internal Auditors Specialist Service Auditor
Competent
GreenCheckmark.png
GreenCheckmark.png
GreenCheckmark.png
Independent
RedX.png
RedX.png
GreenCheckmark.png
Objective*
GreenCheckmark.png
GreenCheckmark.png
Independence Required
* Objectivity is a term generally used when the person is not required to be independent, but is still expected to be impartial. An example would be Internal Auditor's work for the company, but answer to the audit committee instead of company management.
Internal Auditors

The Internal Auditor (IA) can be given some work as long as the external auditor does the following:

  • Auditor determines IA are competent.
  • Auditor determines IA are objective.
  • Auditors applies a systematic and disciplined approach, including quality control.
  • Receives written acknowledgement from management stating that IA's are permitted to follow instructions of auditor, and management will not interfere with the work.
Permitted Functions For Internal Auditors
Permitted
Preparing Schedules
GreenCheckmark.png
Compiling Documents
GreenCheckmark.png
Performing Non-Judgement Tasks
GreenCheckmark.png
Making Judgements
RedX.png
Performing Critical Audit Procedures (Fraud)
RedX.png

The external auditor should make all significant judgements. Tasks that involve assessing, selection, determination, valuation, etc. are not able to be performed by IA.
External Auditors always have sole responsibility for the audit opinion expressed. The external auditor should oversee the work that the IA does.

Using Service Auditors

A service auditor is used when a company outsources a business function to another business. An example would be hiring a payroll company to process their payroll. The auditor of the business (a.k.a. User Auditor) will need to receive a report from a Service Auditor attesting to the controls in place at the service organization. This is done through a report from the service auditor titled a SOC Report.

Service Auditor.png

There are 3 types of SOC reports:

Service Auditor Reports
SOC 1 SOC 2 SOC 3
Attestation Matters Controls relating to financial reporting Controls relating to security, availability, processing, integrity, confidentiality, and privacy. Controls relating to security, availability, processing, integrity, confidentiality, and privacy.
Who Can Use Report User Auditor Only Only Parties Stated in Report Anyone

Any one of those SOC reports can be 1 of 2 "types". The type depends on whether the report attests to the effectiveness of controls or not:

Service Auditor Report Types
Type 1 Type 2
Suitability of Controls
GreenCheckmark.png
GreenCheckmark.png
Design of Controls
GreenCheckmark.png
GreenCheckmark.png
Effectiveness of Controls
RedX.png
GreenCheckmark.png

A common question will be "which of these reports attest to the effectiveness of internal controls relating to financial reporting", which would be a SOC 1 Type 2 report.

Using Work of Specialist

If a client has a situation that is rare and complex, the auditor may need to find a specialist who can provide the auditor with evidence that the situation is not materially misstated. Examples include:

  • Actuarial Calculations
  • Estimation of oil and mineral reserves.
  • Valuation of environmental cleanup costs.

The auditor should assess the specialist's objectivity and competence. The auditor should only refer to work of the specialist if issuing a qualified or adverse opinion.

Transaction Cycle Testing

The auditor's ultimate goal is to obtain evidence to form an opinion on the relevant assertions made by management. The auditor will do this for all accounts. In the process of business, many of these accounts are involved in the same business function. For example, when a company makes a sale, it not only affects the revenue account, but also the cash account, the accounts receivable account, and the sales return account. These groups of interworking accounts are referred to as "Transaction Cycles". The auditor will seek evidence for the transaction cycles to obtain reasonable assurance over all of the accounts.

There are 5 "cycles" covered:

    • The Revenue and Sales Cycle
    • The Cash Receipts Cycle
    • The Purchases and Inventory Cycle
    • The Cash Disbursement Cycle
    • The Payroll Cycle

An important aspect of the transaction cycles is proper Segregation of Duties. These 3 activities should be done by different people/departments:

  • Authorize
  • Records (a.k.a. Recording or Recordkeeping)
  • Custody

Authorize = They may keep records outside of the financial statement accounts, such as list of employees or summary of hours worked, but they authorize by forwarding their records to the appropriate departments for processing. Beginning of Cycle.

Records = Receives documents from the initial sources and updates appropriate journals. Mid-Cycle.

Custody = Maintains control over the asset. End of Cycle.

Revenue and Sales Cycle

Below is a gif walkthrough of the Revenue Cycle:

RevenueCycle.gif

The documents in the cycle are:

Documents
Document Description
Customer Order Order customer submits to the company.
Sale Order Sales Department uses Customer Order to create Sales Order.
Approved Sales Order (ASO) Sales Order is reviewed by Credit Department. If credit is approved, Credit Department issues Approved Sales Order.
Acknowledgment Sent by Sales Department to Customer once Credit is approved.
Bill of Lading (BOL) Similar to a title. Title of goods.
Packaging Slip Details what is being shipped.
Remittance Advice Details the charges and the total amount due. Similar to invoice, but it's mailed back with payment.
Daily Invoice Summary A/R Department keeps list of invoices it receives each day. Forwards to GL Department for updating the General Ledger at days end.

RevenueDocumentFlowchart.png

Cash Receipts Cycle

Below is a walkthrough of the steps in the Cash Receipt Cycle:

CashReceiptCycle.gif

Here is a more easily readable and memoizable flowchart:

CashReceiptCycle2.png

Purchases and Inventory Cycle

Documents
Document Description
Purchase Requisition Document created by Warehouse that shows what items need to be reordered.
Purchase Order Document created by Purchasing Dept. and sent to Vendor to place an order.
Receiving Report Filled out by the Receiving Dept. to show what items were received from Vendor.

PurchaseCycle.gif

Cash Disbursements Cycle

The Cash Disbursements cycle picks up where the purchasing cycle ended. It begins when the company receives the invoice from the vendor.

Documents
Document Description
Vendor Invoice document that recaps what was purchased and the total cost to be paid.
Approved Vendor Invoice Invoice is considered "approved" after the Purchasing Department confirms its accuracy with what was received.
Tickler File File folders organized by date. Allows to easily pull and pay at correct day.


DisbursementCycle.gif

Payroll Cycle

Documents
Document Description
Authorized Employees' Rates and Deductions List that shows what each employee should be paid.
Employee Clock Cards Employees record the start and end times of their workday on this card. Used for Summary of Hours Worked by Employee.
Job Time Tickets Employees record time worked on each task/job on this card. Used for Summary of Hours Worked by Job.
Payroll Register Shows how much each employee should be paid for the work period.
Payroll Voucher Show's how much should be paid out for the payroll.

PayrollCycle2.png

Evaluating

Potential Results
Type Definition
Unmodified No issues with audit. "F/S are presented fairly"
Modified Small issue(s) with audit. "F/S are presented fairly, with the exception of..."
Adverse F/S are not presented fairly.
Disclaimer Not able to collect enough evidence to form an opinion/conclusion.
Withdraw Cancels the engagement.


MaterialPervasive.png


Disclaimer

Scope Limitations

A scope limitation means the auditor was not able to obtain all the information needed.

ScopeLimitation.png

  • A piecemeal opinion is giving a disclaimer of opinion only on the particular financial statements that are affected by the scope limitation. For the non-affected financials, the auditor gives an unmodified opinion on those.
  • For management-imposed scope limitations, the auditor should do the audit and qualify the opinion if they determine that the issue is not "pervasive". If it is pervasive, they should withdraw if possible, or disclaim an opinion. [14]

Auditor's Report

Report Layout

Due to Wiki's basic formatting options, there's currently no good way to show the various reports on here. See the report tabs at the excel file below for coverage of the report language specifics

File:AUD excel.xlsx

Add On Paragraphs

There are specific situations that could be tested on. Those are:

SpecificSituations.png


MatterParagraphs.png


AddOnParagraphs.png


Special Purpose Framework

The accrual basis is used under GAAP. If another basis is used, it requires an Emphasis-of-Matter paragraph be added to the Auditor's report.

Non-Accrual methods are called Other Comprehensive Bases of Accounting (OCBOA) and consist of :

  1. Cash Basis
  2. Tax Basis
  3. Regulatory Basis
  4. Contractual Basis
  5. Any Other Basis

Government Audits

Nothing here. To begin editing, scroll to the top and hit the edit button.

Professional Responsibilities

The AICPA Code of Professional Conduct has 3 different sets of standards based on the member's job.

Sets of Standards
Applies To Definition Example
Part 1 [15] Members in Public Practice Render attest, tax, and management advisory services.[16] Employed at CPA Firm.
Part 2 [17] Members in Business Prepare financial statements in employment of others, perform internal auditing, and serve in fianncial and management capacities in industry, education, and government. [18] Employed in a Corporate Business
Part 3 [19] All Others N/A Retired or Unemployed

When the client is mentioned, it includes the following people:

  • officers or directors of the client.
  • anyone who is a greater than 10% shareholder of the client.
Rules of Conduct
Rule Sections Definition Part 1 Part 2 Part 3
Integrity & Objectivity Rule 1.100 [20]
2.100 [21]
Member Shall:
(1) Maintain objectivity and integrity,
(2) Be free of conflicts of interest,
(3) Not misrepresent facts, and
(4) Not subordinate their judgement to others.
GreenCheckmark.png
GreenCheckmark.png
RedX.png
Independence Rule 1.200 [22] Defined by bodies appointed by AICPA
GreenCheckmark.png
RedX.png
RedX.png
General Standards Rule 1.300 [23]
2.300 [24]
When accepting and performing professional services, a member shall:
(1) Only accept tasks that the professional, or their firm, can reasonably expect to complete with professional competence,
(2) Exercise professional care while performing the service,
(3) Adequately plan and supervise the service, and
(4) Obtain sufficient relevant data in completing the task.
GreenCheckmark.png
GreenCheckmark.png
RedX.png
Compliance with Standards Rule 1.310 [25]
2.310 [26]
A member must comply with standards issued by professional bodies designated by the AICPA.
GreenCheckmark.png
GreenCheckmark.png
RedX.png
Accounting Principles Rule 1.320 [27]
2.320 [28]
Cannot provide positive or limited assurance when there are material misstatements. You are not violating this rule if you can demonstrate that you performed the attestation engagement appropriately.
GreenCheckmark.png
GreenCheckmark.png
RedX.png
Acts Discreditable 1.400 [29]
2.400 [30]
3.400 [31]
See Below
GreenCheckmark.png
GreenCheckmark.png
GreenCheckmark.png
Contingent Fees Rule 1.510 [32]
A contingent fee is an agreement between two parties where a fee will only be assessed as long as a certain outcome is attained. Not permitted for auditing work. Permitted in rare situations with tax work. See below for more details.
GreenCheckmark.png
RedX.png
RedX.png
Commissions and Referral Fees 1.520 [33]
Similar rules to contingent fees.
GreenCheckmark.png
RedX.png
RedX.png
Advertising and Other Forms of Solicitation 1.600 [34]
Advertising cannot be false, misleading, or deceptive. Also all partners of a firm must have AICPA designation in order to use it after the company name.
GreenCheckmark.png
RedX.png
RedX.png
Confidential Information 1.700 [35]
Cannot share confidential information unless:
(1) Requested by a court through subpoena or summons.
(2) As apart of a review of your professional practice.
(3) To initiate or respond to a inquiry made to an appropriate body.
(4) If it is only the client name and no other confidential information.
(5) To your liability insurance carrier as apart of a claim.
(6) Disclosing for review of a prospective purchase, sale, or merger of your practice.
(7) Disclosing to spouse, even in a divorce, because both individuals are clients.
GreenCheckmark.png
RedX.png
RedX.png
Form of Organization and Name 1.800 [36]
This rule addresses the rules around names, designation, titles, etc.
GreenCheckmark.png
RedX.png
RedX.png

Conceptual Framework

The code (1.000.010) consists of the rules and interpretations of the rules. While it attempts to address many situations, not all situations can be addressed. For any situation that is not addressed in the code, it instructs to use a "Conceptual Framework". The conceptual framework consists of the following 3 steps:

  1. Identify Threats
  2. Evaluate the Significance of the Threats
  3. Apply Safeguards

A situation that may violate the rules is called a "threat". You evaluate whether the risk that the threat violates a rule is within an "acceptable level". This "acceptable level" is subjective, defining it as something a "reasonable and informed third party" would conclude. If you determine that the risk is not within an acceptable level, you lastly analyze whether applying "safeguards" would lower to an acceptable level. If not, you withdraw from the attest engagement.

1. Identify Threats

Threats are defined in section 1.000.010.06 as relationships or circumstances that could compromise a member's compliance with the rules.

There are 7 types of threats:

  1. Adverse Interest
  2. Advocacy
  3. Familiarity
  4. Management Participation
  5. Self-Interest
  6. Self-Review
  7. Undue Influence
Threat 1: Adverse Interest

When the client and member's interest are opposing. Example given is when the two are involved in a lawsuit.

Threat 2: Advocacy

When the two interests are aligned to the point that his or her objectivity or independence becomes compromised. Some examples include:

  • Firm acts as investment advisor for company, or it's officer, director, or a greater than 10% shareholder.
  • Firm underwrites or promotes the client's shares.
  • Firm acts as registered agent for client.
  • Firm endorses client's products or services.
Threat 3: Familiarity

Similar to advocacy except it involves a long or close relationship with the client. Examples include:

  • Member's immediate family, close relative, or close friend is employed at the client.
  • Former firm member joins the client in a key position.
  • Senior personnel have long association or close business relationship with client.
Threat 4: Management Participation

The threat that a member may take on the role of management for the client.

Threat 5: Self-Interest

When a member has an interest or relationship with the client and stands to gain a benefit from the client. Examples include:

  • Having a financial interest in the client.
  • Member's spouse is employed or interviewing for job with client.
  • Contingent fee arrangement for tax refund claim.
Threat 6: Self-Review

Threat that the member will not evaluate audit evidence clearly. Examples given involves when you also peform work that is used as audit evidence. Examples are:

  • You do bookkeeping services for the client.
  • You rely on work product that was done by your firm.
  • Someone who was associated with the client in a employment or contractor role joins the firm as a partner.
Threat 7: Undue Influence

Threat that the member will not follow his best judgement due to the client's reputation/expertise, aggressive/dominant personality, or other ways.

  • The client threatens to fire the firm
  • The client threatens to not hire the firm in the future over a disagreement.
  • The client threatens any other professional service over a disagreement.

2. Evaluate Significance of Threats

The member should determine whether a threat is at an acceptable level. An acceptable level is defined as when a reasonable and informed third party who is aware of the relevant information would be expected to conclude that the threat would not compromise the member's compliance with the rules. Members should use both qualitative and quantitative factors when evaluating the significance of a threat.

3. Safeguards

Safeguards are defined as actions or other measures that may eliminate a threat or reduce a threat to an acceptable level. There is no strict outline for safeguards. They can be anything done by the client, the firm, or other bodies, that reduce the acceptable level of a threat.

Independence

A member must be both:

  • Independent in Fact (a.k.a. Independence of Mind)
  • Independent in Appearance


Situations that will impair that independence are:

  • Loans to and from attest client (includes client's officers, directors, and >10% shareholders)
    • Exception: If the client is a financial institution, then the member can have:
      • Credit card(s) through the institution as long as the balance is $10K or less.
      • Auto loan and lease as long as the auto is collateral.
      • Loans fully collateralized by the cash surrender value of insurance cash deposits.
      • Home mortgage, secured loan, or immaterial unsecured loan, as long as all of the following are true:
        • was obtained prior to either (1) client becoming a client, or (2) member becoming a covered member.
        • no payments are missed, terms stay the same, no re-financing.
        • if underwater on loan (FMV is less than outstanding balance), then excess loan amount cannot be material to member's net worth.
  • Member has any ownership in attest client through self-managed investment vehicle or more than 5% through a diversified mutual fund.
  • Employed, or appear to be acting in the capacity of, an employee of the client.
  • Employee of member's firm holds directorship or trusteeship with not-for-profit client, unless it is honorary with no power to affect management decisions.
  • Actual or threatened litigation between client and covered member.
  • Unpaid fees from the client, if the unpaid fees were for services performed > 1 year from the attest report date.
    • Does not apply if client is in bankruptcy.
  • Receives and accepts gift from client where the value of the gift is clearly significant to the recipient.

Additionally, certain people and/or organizations that could influence a member are also prohibited from certain situation in order for the member to maintain independence. This is called a "covered member".

Relevant Definitions
Term Definition
Independent In Fact Also referred to as "Independence of Mind". Must avoid situations that could compromise professional judgement. [37]
Independent in Appearance Must avoid circumstances that would cause a reasonable and informed person to conclude that the independence has been compromised. [37]
Direct Financial Interest An ownership interest in an equity or a debt security issued by an entity, including rights and obligations to acquire such an interest and derivatives related to such interest. Examples include stock, bonds, stock options, warrants, and mutual fund shares, among other. [38]
Indirect Financial Interest A financial interest owned through an investment vehicle, an estate, a trust, or other intermediary where the beneficiary [does not participate] in the intermediary's investment decisions. [39]
Covered Member See Below
Immediate Family Spouse, spousal equivalent, or tax return dependents. Dependents do not have to necessarily be related to you to fall under this definition, they just have to have been claimed as a dependent on your most recent tax return. [40]
Close Relative A parent, sibling, or a non-dependent child. A non-dependent child means a child who you didn't claim as a dependent on your most recent tax return. [40]
Key Position A position in which an individual has the ability to exercise influence over the financial statements. These include positions of CEO, CFO, President, other leadership position that affects the financial statements, Controller, Treasurer, Internal Audit, General Counsel, or Member of the Board [41]

Covered Member

A covered member is any of the following: [42]

  • An individual on the attest engagement team.
  • Individual in a position to influence the attest engagement
  • A partner, partner equivalent, or manager who provides more than 10 hours of non-attest services to the attest client.
  • A partner or partner equivalent in the same physical office as the lead attest engagement partner.
  • The firm
  • Any entity that can be controlled by any of the individuals or entities listed above.

1.240 outlines that a covered member cannot have either of the following in the attest client:

  • A direct financial interest, or
  • A material indirect financial interest. (they are allowed to own a non-material indirect financial interest.)

Additionally, 1.240 states that all partners, professional employees, and their immediate family members, cannot in the aggregate own more than 5% of the attest client. When the shares are owned through an investment vehicle such as a partnership, LLC, 529 plan, retirement plan, or other similar type of plan, whether the financial interest is direct or indirect depends on the decision-making ability that the individual has. If they have the ability to control the business making or investment decisions of the plan, then it is a direct financial interest. If they do not have the control ability, then it is an indirect financial interest.

If a covered member receives an unexpected financial interest in the client during the audit, such as through a gift or inheritance, then they cannot participate in the audit until they dispose of it, and they have 30 days to dispose of it before impairing their independence.

What is the difference between a material indirect vs non-material indirect?
The AICPA does not provide specific guidance on determining materiality. Instead, they instruct that professional judgement should be used. The common threshold seems to be 5% ownership in the company. If 5% or less, then it is an immaterial indirect interest and does NOT impair independence. If above 5%, then it is a material indirect interest and impairs independence.

Exceptions

There are certain carved-out exceptions for people who are close to the member, like family. See chart below for classification, and the specific rules below the chart.

Type Immediate Family Close Relative Employment Exemption Financial Interest Exemption
Spouse (or equivalent)
GreenCheckmark.png
RedX.png
GreenCheckmark.png
RedX.png
Dependent Child
GreenCheckmark.png
RedX.png
GreenCheckmark.png
RedX.png
Dependent Relative
GreenCheckmark.png
RedX.png
GreenCheckmark.png
RedX.png
Parent
RedX.png
GreenCheckmark.png
GreenCheckmark.png
GreenCheckmark.png
Sibling
RedX.png
GreenCheckmark.png
GreenCheckmark.png
GreenCheckmark.png
Non-Dependent Child
RedX.png
GreenCheckmark.png
GreenCheckmark.png
GreenCheckmark.png
Other Non-Dependent Relative
RedX.png
RedX.png
RedX.png
RedX.png
Immediate Family

An immediate family member may be employed by the attest client as long as they don't hold any of the following:

  • They are not in a key position at the attest client.
  • They cannot own, at any time, 5% or more of the attest client's outstanding shares.
Close Relatives

A close relative can be employed by the attest client as long as they are not in a key position at the attest client.

A close relative can have a financial interest in the client as long as the meet all of the following:

  • The investment is not material to the close relative. If the member is not aware of the close relative's finances, then they meet this requirement as long as they have no reason to think it's material to the relative.
  • The financial interest does not allow the close relative to exert influence over the attest client.

Acts Discreditable

.400.005.01 says that, with the exception of certain acts that are explicitly stated as "Acts Discreditable", a member should follow the "Conceptual Framework" steps laid out in the member's applicable part (part 1, 2, or 3) in order to determine whether it is an acts discreditable or not. .000.010.01 says that not every relationship and circumstance that a member could face can be explicitly stated in the code of conduct, and therefore a member should follow the "Conceptual Framework" steps laid out in making a determination. .400.005.02 says that a member must be able to demonstrate that safeguards were applied that eliminated or reduced significant threats to an acceptable level, or else a member will be considered to be in violation of the Acts Discreditable Rule.

Explicitly stated Acts Discreditable are:

  • Discrimination and harassment in employment practices.
  • Solicitation or disclosure of CPA exam questions and answers.
  • Failure to file a tax return or pay a tax liability.
  • Negligence in the preparation of financial statements or records.
  • Failure to follow the requirements of applicable financial reporting framework and the requirements of regulatory bodies (SEC, PCAOB, etc.).
  • False, misleading, or deceptive acts in marketing professional services.
  • Using the CPA credential in a jurisdiction where they have not been approved by the state to use it.
  • Provide written notice to clients and return/safely store client records upon sale, transfer, or disposal of the firm.
  • Removing client files or proprietary information from a firm without their permission upon termination of employment.
  • Disclosure of confidential information obtained without permission.
  • Failure to provide required documents within 45 days of request from client, unless approved reason to withhold (see chart).
Record Types and Your Right to Withhold
Type Definition Example Right to Withhold
Client-Provided Records that were provided by the client Quickbooks File, Tax Form W-2 Cannot Withhold
CPA's Work Product Item(s) that the client seeks from the CPA. Audit Report, Tax Return Can only withhold if:
(1) Fees relating to that specific work product are unpaid,
(2) The work product is not finished yet,
(3) Litigation involving the work product is ongoing, or
(4) For purposes of complying with professional standards.
CPA-Prepared Records Item(s) that the client doesn't seek but will need. Adjusting Journal Entries Can only withhold if fees relating to that specific work product are unpaid.
CPA Working Papers These are items created by the CPA to "show their work" Word Files, Excel Files Have right to withhold unless legal or contractual obligation to provide.

Contingent Fee, Commissions, and Referral Fees

A contingent fee is an agreement between two parties where a fee will only be assessed as long as a certain outcome is attained.

Attestation Work

The AICPA Code of Professional Conduct outlines the following situations where a contingent fee or commission is NOT permitted:

  1. Any Audit or Review of financial statements.
  2. Any compilation where both of the following are true:
    1. There is a reasonable expectation that a third party will rely on the financials
    2. You are not independent and did not disclose disclose your lack of independence.
  3. An examination of prospective (forward looking) financial statements.
Contingent Fee Allowed vs Disallowed
ASSURANCE Permitted?
Audit (attestation) or Review of Financial Statements
RedX.png
Compilations to be relied on that lack independence
and independence disclosure.
RedX.png
All Other Compilation Situations
GreenCheckmark.png
Preparations
GreenCheckmark.png
Examination of prospective (forward looking) financials
RedX.png
All Other Situations
GreenCheckmark.png

 

Tax Work

For tax work, basing the fee on the outcome of your work is generally prohibited, with a few exceptions:

  • Representing client in an IRS audit or other judicial proceeding.
  • Claim for refund filed with the IRS relating to assessed penalties and interest.
  • Obtaining a Private Letter Ruling from the IRS.
  • Outcome of court case or other governmental agency finding.
  • Fixed by public authority.
  • Based on a price quotation submitted in competitive bidding.
  • Some other very specific situations. See Code of Professional Conduct Section 1.510.010.04. [43]

All other tax related work is prohibited from charging contingent fees. This includes filing a tax return, filing an amended tax return, or filing a claim for refund (outside of just penalties/interest). [44]

Contingent Fee Allowed vs Disallowed
TAX WORK Permitted?
Preparing Tax Return
RedX.png
Preparing Amended Tax Return
RedX.png
Filing A Claim for Refund (Form 843)
RedX.png
Giving Advice on Any of the 3 Above
RedX.png
Obtaining Private Letter Ruling For Client
GreenCheckmark.png
Representing Client Before Revenue Agent
GreenCheckmark.png

Spousal Work

A member's spouse is NOT prohibited from charging a contingency fee or commission for work the spouse does. However, the work can in no way be associated with the member. The code lays out the following 2 rules:

  • The contingent fee activity must be separate from the member's practice, and
  • The member must not be significantly involved in the spouse's activity. [43]

In summary, your spouse can charge a contingent fee for work that has nothing to do with your practice and where you have no involvement in the work.

Investment Advisory

The AICPA Code of Professional Conduct does not absolutely say "yes" or "no" when it comes to investment advisory services. Instead, it provides a couple of specific examples where contingency fees are allowed. The document describes these situations as "interpretations". It then states that if a specific interpretation is not listed, the CPA should use the "Conceptual Framework for Members in Public Practice" and be able to demonstrate that safeguards were applied that provided enough assurance that it was allowed.

The first specific interpretation allows for the CPA to charge a fee based on the percentage of the overall investment portfolio as long as all of the following are met:

  1. The fee is determined based on a specific percentage of the overall portfolio.
  2. The dollar amount of the overall portfolio is determined at the beginning of each quarter and only adjusted for the additions or withdrawals made by the client.
  3. The fee arrangement is not renewed more frequently than on a quarter basis. (a.k.a. arrangement must span at least 1 quarter of the year).[45]

The second specific interpretation allows for the CPA to charge a contingency fee or commission for investment advisory services to both of the following:

  1. Individuals who work for a company who is a client but they themselves are not. For example, you could audit a company and separately provide investment advise to a person who works at the company for a contingency fee.
  2. Employee benefit plans where the company is a client. This allows you to provide investment advise for the company's 401(k) plan for a contingency fee.[46]

Conceptual Framework to Use When No Specific Guidance Is Available

The conceptual framework should be used for all rules when it is unclear whether a specific situation is allowed or not.

The conceptual framework is a three step process:

  1. Identify Threats
  2. Evaluate the Significance of the Threat
  3. Identify and Apply Safeguards

A member is not in violation of the rule if the "threat to the compliance of the rule" is at an acceptable level. An acceptable level is defined as "If the member evaluates the threat and concludes that a reasonable and informed third party who is aware of the relevant information would be expected to conclude that the threat does not compromise a member’s compliance with the rules, the threat is at an acceptable level, and the member is not required to evaluate the threat any further under this conceptual framework approach."

If it is determined that it is NOT at an acceptable level, then "the member should apply safeguards to eliminate the threat or reduce it to an acceptable level. The member should apply judgment in determining the nature of the safeguards to be applied because the effectiveness of safeguards will vary, depending on the circumstances." If the member does not believe the safeguards have reduced the threat to an acceptable level, then he should decline/discontinue the engagement.[47]

Commission and Referral Specific Rules

Many of the rules for contingency fees apply to commissions as well. Additionally:

  • 1.520.040 outlines that, if you are not able to perform the activities yourself without being in violation of the rule, then you also cannot get around the rule by using a third party. Simply outsourcing the task and receiving a commission, referral, or kickback from an individual or entity will still put you in violation of the rule.[48]
  • In any instance that a commission or referral fee is permitted, you must disclose the fee in writing to the client.
Fee Situations
Permitted?
Purchase and resell a product to a client for Profit
GreenCheckmark.png
Refer a client and collect a referral fee
GreenCheckmark.png

Advertising and Other Forms of Solicitation

Advertising cannot be false, misleading, or deceptive. This is defined as any of the following:

  • Creates false or unjustifiable expectations of positive results.
  • Imply the ability to influence any court, regulatory body, or similar entity.
  • Increase price substantially shortly after agreeing to service and not advising the client of the likelihood at the agreement.
  • Any other situations that would cause a reasonable person to misunderstand or be deceived.

A member with an AICPA designation, such as the Personal Financial Specialist (PFS), can use the letters after their name. However, in order to use it after the companies name, all partners of the firm must have the designation.[49]

Client Confidentiality

Able to disclose confidential client information in the following situations:

  1. Requested by a court through subpoena or summons.
  2. As apart of a review of your professional practice.
  3. To initiate or respond to a inquiry made to an appropriate body.
  4. If it is only the client name and no other confidential information.
  5. To your liability insurance carrier as apart of a claim.
  6. Disclosing for review of a prospective purchase, sale, or merger of your practice.
  7. Disclosing to spouse, even in a divorce, because both individuals are clients.

Form of Organization and Name

  • Cannot have a misleading firm name. Misleading if a reasonable person would misunderstand.
  • A member may own an interest in a separate business that performs similar work.
  • Only members of the firm who are legally partners (meaning they are apart of the partnership agreement) may use the term "partner".
  • Allowed to use the name(s) of former partners in the firm's name.
  • Firm can only designate itself as "Members of the AICPA" if all the CPA owners are members of the AICPA (does not require that all members are, just all CPA members).
  • Can only affix CPA to the firm name if all members are CPA's.
  • If not all members are CPA's, you can only use CPA after your personal name.

References

  1. AU-C 300.02,AICPA Risk Assessment & Response to Assessed Risk, https://us.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00300.pdf#page=1>
  2. AU-C 300.A2,AICPA Risk Assessment & Response to Assessed Risk, https://us.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00300.pdf#page=4>
  3. AU-C 300.A11,AICPA Risk Assessment & Response to Assessed Risk, https://us.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00300.pdf#page=6>
  4. 'AU-C 300.10,AICPA Planning an Audit, https://us.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00300.pdf#page=3>
  5. 'AU-C 300.A14,Planning The Audit, https://us.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00300.pdf#page=6>
  6. AU-C 300.A11,AICPA Risk Assessment & Response to Assessed Risk, https://us.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00300.pdf#page=6>
  7. 7.0 7.1 7.2 7.3 7.4 AU 312.21,AICPA Standards of Field Work, https://us.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-00312.pdf#page=6>
  8. 8.0 8.1 8.2 8.3 8.4 AU-C 315.06,AICPA Risk Assessment & Response to Assessed Risks, https://us.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00315.pdf#page=2>
  9. AU-C 530.06, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00530.pdf#page=3
  10. AU-C 530.A9, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00530.pdf#page=5
  11. AU-C 530.A10, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00530.pdf#page=5
  12. 12.0 12.1 12.2 12.3 AU-C 530.05, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00530.pdf#page=2.
  13. AU-C 530.A4, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00530.pdf#page=4.
  14. Modifications to the Opinion in the Independent Auditor’s Report, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00705.pdf#page=3
  15. Part 1 Code of Professional Conduct, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=26
  16. Code of Professional Conduct 0.300.050.03, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=10
  17. Part 2 Code of Professional Conduct, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=151
  18. Code of Professional Conduct 0.300.050.03, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=10
  19. Part 3 Code of Professional Conduct, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=175
  20. Code of Professional Conduct 1.100, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=33
  21. Code of Professional Conduct 2.100, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=156
  22. Code of Professional Conduct 1.200, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=41
  23. Code of Professional Conduct 1.300, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=121
  24. Code of Professional Conduct 2.300, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=166
  25. Code of Professional Conduct 1.310, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=123
  26. Code of Professional Conduct 2.310, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=167
  27. Code of Professional Conduct 1.320, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=124
  28. Code of Professional Conduct 2.320, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=168
  29. Code of Professional Conduct 1.400, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=126
  30. Code of Professional Conduct 2.400, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=170
  31. Code of Professional Conduct 2.400, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=175
  32. Code of Professional Conduct 1.510, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=134
  33. Code of Professional Conduct 1.520, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=137
  34. Code of Professional Conduct 1.600, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=140
  35. Code of Professional Conduct 1.700, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=142
  36. Code of Professional Conduct 1.800, AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=147
  37. 37.0 37.1 Code of Conduct Definitions, AICPA, https://pub.aicpa.org/codeofconduct/ethics.aspx?targetdoc=et-cod&targetptr=et-cod0.400.21
  38. Plain English Guide to Independence, AICPA, https://us.aicpa.org/content/dam/aicpa/interestareas/professionalethics/resources/tools/downloadabledocuments/plain-english-guide.pdf#page=29
  39. Code of Conduct Definitions, AICPA, https://pub.aicpa.org/codeofconduct/ethics.aspx?targetdoc=et-cod&targetptr=et-cod0.400.22
  40. 40.0 40.1 Code of Conduct Definitions, AICPA, https://pub.aicpa.org/codeofconduct/ethics.aspx?targetdoc=et-cod&targetptr=et-cod0.400.19
  41. Code of Conduct Definitions, AICPA, https://pub.aicpa.org/codeofconduct/ethics.aspx?targetdoc=et-cod&targetptr=et-cod0.400.27
  42. Plain English Guide to Independence, AICPA, https://us.aicpa.org/content/dam/aicpa/interestareas/professionalethics/resources/tools/downloadabledocuments/plain-english-guide.pdf#page=18
  43. 43.0 43.1 AICPA Code of Conduct 1.510.010.04,AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=136>
  44. Contingent Fee Tax Advice: IRS Allows Some, Not All,Forbes, https://www.forbes.com/sites/robertwood/2017/05/10/contingent-fee-tax-advice-irs-allows-some-not-all/?sh=14766ee39d71>
  45. AICPA Code of Conduct 1.510.040,AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=136>
  46. AICPA Code of Conduct 1.510.050,AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=137>
  47. AICPA Code of Conduct 1.000.010,AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=26>
  48. AICPA Code of Conduct 1.520.040,AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=139>
  49. AICPA Code of Conduct 1.600.030,AICPA, https://us.aicpa.org/content/dam/aicpa/research/standards/codeofconduct/downloadabledocuments/2014-december-15-content-asof-2020-June-20-code-of-conduct.pdf#page=141>