Auditing and Assurance Services, 15e (Arens)

Chapter 1 The Demand for Audit and Other Assurance Services

Learning Objective 1-1

1) The Sarbanes-Oxley Act applies to which of the following companies?

A) All companies
B) Privately held companies
C) Public companies
D) All public companies and privately held companies with assets greater than $500 million

2) Which of the following is considered audit evidence?

A)
Oral statements Written Auditor
made by management Communications Observation
Y N N

B)
Oral statements Written Auditor
made by management Communications Observation
N Y Y

C)
Oral statements Written Auditor
made by management Communications Observation
Y Y Y

D)
Oral statements Written Auditor
made by management Communications Observation
N N Y

3) Evidence is paramount to audit and attestation engagements. List the four basic types of audit
evidence.
Answer: The four types of audit and attestation evidence include:
1. Electronic and documentary data about transactions
2. Written and electronic communications with outsiders
3. Observations by the auditor
4. Oral testimony of the auditee (client)

1) Recording, classifying, and summarizing economic events in a logical manner for the purpose
of providing financial information for decision making is commonly called:
A) finance.
B) auditing.
C) accounting.
D) economics.

1
Copyright © 2014 Pearson Education, Inc.
2) An accountant:
A) must possess expertise in the accumulation of audit evidence.
B) must decide the number and types of items to test.
C) must have an understanding of the principles and rules that provide the basis for preparing the
accounting information.
D) must be a CPA.

2
Copyright © 2014 Pearson Education, Inc.
3) In "auditing" financial accounting data, the primary concern is with:
A) determining whether recorded information properly reflects the economic events that
occurred during the accounting period.
B) determining if fraud has occurred.
C) determining if taxable income has been calculated correctly.
D) analyzing the financial information to be sure that it complies with government requirements.

4) The trait that distinguishes auditors from accountants is the:

A) auditor's ability to interpret accounting principles generally accepted in the United States.
B) auditor's education beyond the Bachelor's degree.
C) auditor's ability to interpret FASB Statements.
D) auditor's accumulation and interpretation of evidence related to a company's financial
statements.

5) Discuss the differences and similarities between the roles of accountants and auditors. What
additional expertise must an auditor possess beyond that of an accountant?
Answer: The role of accountants is to record, classify, and summarize economic events in a
logical manner for the purpose of providing financial information for decision making. To
provide relevant information, accountants must have a thorough understanding of the principles
and rules that provide the basis for preparing the accounting information. In addition,
accountants must develop a system to ensure that the entity's economic events are properly
recorded on a timely basis and at a reasonable cost.

The role of auditors is to determine whether the recorded information prepared by accountants
properly reflects the economic events that occurred during the accounting period. Because U.S.
or international standards provide the criteria for evaluating whether financial information is
properly recorded, auditors must thoroughly understand those accounting standards. In addition
to understanding accounting, the auditor must possess expertise in the accumulation and
interpretation of audit evidence. It is this expertise that distinguishes auditors from accountants.
Determining the proper audit procedures, deciding the number and types of items to test, and
evaluating the results are unique to the auditor.

1) ________ risk reflects the possibility that the information upon which the business decision
was made was inaccurate.
A) Client acceptance
B) Information
C) Business
D) Control

1) A correct relationship among the auditor, the client, and the external users is:
A) management of a public company hires the independent auditor.
B) the audit committee of a private company hires the independent auditor.
C) the client provides capital to the external users.
D) the external users can rely upon the auditor's report to reduce information risk.

2) The most common way for users to obtain reliable information is to:
A) have an internal audit.

3
Copyright © 2014 Pearson Education, Inc.
B) have an independent audit.
C) verify all information individually.
D) verify the information with management.

3) Explain what is meant by information risk, and list the four causes of this risk.
Answer: Information risk reflects the possibility that the information upon which the business
risk decision was made was inaccurate. Four causes of information risk are:
• remoteness of information,
• biases and motives of the provider,
• voluminous data, and
• complex exchange transactions.

1) In the audit of historical financial statements, what accounting criteria is most common?
A) Regulatory accounting principles
B) Applicable international accounting standards
C) Applicable U.S. accounting standards
D) B and C
E) All of the above

2) Any service that requires a CPA firm to issue a report about the reliability of an assertion that
is made by another party is a(n):
A) accounting and bookkeeping service.
B) attestation service.
C) assurance service.
D) tax service.

3) Three common types of attestation services are:

A) audits of historical financial statements, reviews of historical financial statements, and audits
of internal control over financial reporting.
B) audits of historical financial information, verifications of historical financial information, and
attestations regarding internal controls.
C) reviews of historical financial information, verifications of future financial information, and
attestations regarding internal controls.
D) audits of historical financial information, reviews of controls related to investments, and
verifications of historical financial information.

4) Which of the following services provides the lowest level of assurance on a financial
statement?
A) A review
B) An audit
C) Neither service provides assurance on financial statements.
D) Each service provides the same level of assurance on financial statements.
AACSB: Reflective thinking skills

5) Which of the following is not a SysTrust Services principle as defined by the AICPA?
A) Online privacy

4
Copyright © 2014 Pearson Education, Inc.
B) Availability
C) Processing integrity
D) Operational integrity

6) The Sarbanes-Oxley Act prohibits a CPA firm that audits a public company from providing
which of the following types of services to that company?
A) Reviews of quarterly financial statements
B) Preparation of corporate tax returns
C) Most consulting services
D) Tax services

7) Attestation services on information technology include WebTrust services and SysTrust

services. Which of the following statements most accurately describes SysTrust services?
A) SysTrust services provide assurance on business processes, transaction integrity and
information processes.
B) SysTrust services provide assurance on system reliability in critical areas such as security and
data integrity.
C) SysTrust services provide assurance on internal control over financial reporting.
D) SysTrust services provide assurance as to whether accounting personnel are following
procedures prescribed by the company controller.
Answer: B

8) Two types of attestation services provided by CPA firms are audits and reviews. Discuss the
similarities and differences between these two types of attestation services. Which type provides
the least assurance?
Answer: In both the review and audit of the historical financial statements, management asserts
that the statements are fairly stated in accordance with accounting standards. The CPA provides
a lower level of assurance for reviews of financial statements compared to the high level for
audits, therefore less evidence is needed. A review is often adequate to meet financial statement
users' needs. It can be provided by a CPA firm at a much lower fee than an audit because less
evidence is needed.

An audit is the most common assurance service provided by CPA firms. Publicly traded
companies in the U.S. are required to have audits under the federal securities acts. Many
nonpublic companies have a review to limit auditor fees.
Terms: Attestation services; Audits and reviews of historical financial statements

5
Copyright © 2014 Pearson Education, Inc.
9) What is an engagement to attest on internal control over financial reporting?
Answer: For an audit of internal control over financial reporting, management asserts that
internal controls have been developed and implemented following well established criteria.
Section 404 of the Sarbanes-Oxley Act requires public companies to report management's
assessment of the effectiveness of internal control over financial reporting. The Act also requires
auditors for larger public companies to attest to the effectiveness of internal control over
financial reporting. This evaluation, which is integrated with the audit of financial statements,
increases user confidence about future financial reporting, because effective internal controls
reduce the likelihood of future misstatements in the financial statements.

10) What are the five categories of attestation services?

Answer: The five categories of attestation services include:
• Audit of historical financial statements
• Audit of internal control over financial reporting
• Review of historical financial statements
• Attestation services on information technology
• Other attestation services that may be applied to a broad range of subject matter

11) What is a WebTrust engagement? What is a SysTrust engagement? How do they differ?
Answer: WebTrust is a service provided by a CPA where the CPA provides assurance that the
Web Site owner has met established criteria related to business practices, transaction integrity,
and information processes.

SysTrust is a service provided by a CPA to evaluate and test a system reliability in areas such as
security and data integrity. There are five principles that must be addressed on a SysTrust
engagement: security, availability, processing integrity, online privacy, and confidentiality.

WebTrust is primarily designed to provide assurance to third party users of a Web site. SysTrust
provides assurance to management, the board of directors or third parties about the reliability of
information systems used to generate real-time information.

1) One objective of an operational audit is to:

A) determine whether the financial statements fairly present the entity's operations.
B) determine if the auditee is in compliance with GAAP.
C) make recommendations for improving performance.
D) report on the entity's relative success in attaining profit maximization.

2) An examination of part of an organization's procedures and methods for the purpose of

evaluating efficiency and effectiveness is what type of audit?
A) Operational audit
B) Compliance audit
C) Financial statement audit
D) Production audit

3) An audit to determine whether an entity is following specific procedures or rules set down by
some higher authority is classified as a(n):
A) audit of financial statements.

6
Copyright © 2014 Pearson Education, Inc.
B) compliance audit.
C) operational audit.
D) production audit.

4) Which one of the following is more difficult to evaluate objectively?

A) Presentation of financial statements in accordance with generally accepted accounting
principles
B) Compliance with government regulations
C) Efficiency and effectiveness of operations
D) All three of the above are equally difficult.

5) Which of the following audits can be regarded as generally being a compliance audit?
A) IRS agents' examinations of taxpayer returns
B) GAO auditor's evaluation of the computer operations of governmental units
C) An internal auditor's review of a company's payroll authorization procedures
D) A CPA firm's audit of a public company

6) Which of the following are required to have a written report regarding the assertion of another
party?
A)
Financial
Statement Operational Compliance Attestation Assurance
Audit Audit Audit Engagement Engagement
Y Y Y Y Y

B)
Financial
Statement Operational Compliance Attestation Assurance
Audit Audit Audit Engagement Engagement
Y Y Y Y N

C)
Financial
Statement Operational Compliance Attestation Assurance
Audit Audit Audit Engagement Engagement
Y Y Y N N

D)
Financial
Statement Operational Compliance Attestation Assurance
Audit Audit Audit Engagement Engagement
N N N Y Y

7
Copyright © 2014 Pearson Education, Inc.
7) Discuss the similarities and differences between financial statement audits, operational audits,
and compliance audits. Give an example of each type.
Answer: Financial statement audits, operational audits, and compliance audits are similar in that
each type of audit involves accumulating and evaluating evidence about information to ascertain
and report on the degree of correspondence between the information and established criteria
and/or procedures, rules, or regulations. The differences between each type of audit are the
information being examined and the criteria used to evaluate the information.

An operational audit evaluates the efficiency and effectiveness of any part of an organization's
operating procedures and methods. At completion of an operational audit, management normally
expects recommendations for improving operations. In operational auditing, the reviews are not
limited to accounting. It is more difficult to objectively evaluate whether the efficiency and
effectiveness of operations meets established criteria than it is for compliance and financial
statement audits. Also, establishing criteria for evaluating the information in an operational audit
is extremely subjective. Thus, operational auditing is more like management consulting than
what is usually considered auditing.

A compliance audit is conducted to determine whether the auditee is following specific

procedures, rules, or regulations set by some higher authority. Results of compliance audits are
typically reported to management, like in the operational audits, rather than to outside users as is
done with financial statement audits.

A financial statement audit is conducted to determine whether financial statements are stated in
accordance with specified criteria, normally the U.S. or international standards. Auditors not
only focus on accounting transactions, but also focus on an integrated approach in which both the
risk of misstatements and the operating controls are considered. The auditor must have a
thorough understanding of the entity and its environment.

An example of a financial statement audit would be the annual audit of IBM Corporation, in
which the external auditors examine IBM's financial statements to determine the degree of
correspondence between those financial statements and generally accepted accounting principles.
An example of an operational audit would be an internal auditor's evaluation of whether the
company's computerized payroll-processing system is operating efficiently and effectively. An
example of a compliance audit would be an IRS auditor's examination of an entity's federal tax
return to determine the degree of compliance with the Internal Revenue Code.
Terms: Financial statement audits, operational audits and compliance audits

8
Copyright © 2014 Pearson Education, Inc.
Learning Objective 1-7

1) Match the engagement described to the (A) type of audit and (B) auditor that would perform
the engagement. Each engagement will have an answer from List-A and List-B. An answer can
be used once, more than once, or not at all.

List A - Type of Audit: List B - Type of Auditor:

a. Financial Statement d. Internal
b. Compliance e. External
c. Operational f. Government
g. IRS

Engagement:
1. Evaluate a company's payroll processing for economy.
2. Evaluate/determine if bank covenants are being met.
3. Evaluate financial statements that are to be submitted to a bank.
4. Evaluate the promptness of materials inspection in a manufacturer's receiving department.
5. Determine if Medicare reimbursements are in accordance with the Healthcare Financing
Administration (HCFA).
6. Determine if the tax return of a multinational corporation is in accordance with the tax code.
7. Determine if a public school is properly applying their reimbursement for the payment-in-kind
program.
8. Determine the effectiveness of a Department of Defense project.
Answer:
1. c, d
2. b, d
3. a, e
4. c, d
5. b, f
6. b, g
7. b, e
8. c, f

9
Copyright © 2014 Pearson Education, Inc.
2) Discuss the similarities and differences between the roles of independent auditors, GAO
auditors, internal revenue agents, and internal auditors.
Answer: The roles of all four types of auditors are similar in that they involve the accumulation
and evaluation of evidence about information to ascertain and report on the degree of
correspondence between the information and established criteria. The differences in their roles
center around the information audited and the criteria used to evaluate that information.
Independent auditors primarily audit companies' financial statements. GAO auditors' primary
responsibility is to perform the audit function for Congress. IRS auditors are responsible for the
enforcement of federal tax laws. Internal auditors primarily perform operational and compliance
audits for their employing company.

3) The primary role of the United States General Accounting Office is the enforcement of the
federal tax laws as defined by Congress and interpreted by the courts.
A) True
B) False

Learning Objective 1-8

1) The three requirements for becoming a CPA include all but which of the following?
A) Uniform CPA examination requirement
B) Educational requirements
C) Character requirements
D) Experience requirement

2) The use of the Certified Public Accountant title is regulated by:

A) the federal government.
B) state law through a licensing department or agency of each state.
C) the American Institute of Certified Public Accountants through the licensing departments of
the tax and auditing committees.
D) the Securities and Exchange Commission.

3) List and discuss the three primary requirements to become a CPA.

Answer: The three primary requirements for becoming a CPA are:
• Educational requirement. An undergraduate degree or a graduate degree with a major in
accounting is required. Most states now require 150 semester hours for licensure and some states
require 150 semester hours before taking the CPA exam.
• Uniform CPA examination requirement. This is a four-part, computer-based examination
with components on auditing and attestation, financial accounting and reporting, regulation, and
business environment and concepts. Some states also require a separate ethics requirement.
• Experience requirement. The experience requirement varies from state to state with some
states requiring no experience, while other states require up to two years of audit experience.
Terms: Primary requirements to become CPA
Diff: Easy
Objective: LO 1-8
AACSB: Reflective thinking skills

10
Copyright © 2014 Pearson Education, Inc.