SOX:

o Sarbanes-Oxley applies to publicly traded companies. SOX created the

PCAOB to increase the independence of auditors.
Most provisions are aimed at solving specific deficiencies in:
Audit practice *
Corporate governance *
Capital markets
o Partner in charge rotation: 5 years on and 5 years of
o Other partners are rotated on a 7-2-7 basis
o Auditors face a 1 year cooling of period before accepting employment
with a former audit client.
o SEC 404: the internal controls that are in place are audited by the
external auditors as well as the financial statements
o SOX requires that public companies have an audit committee
composed entirely of independent directors and have at least one
financial expert (SEC 407)
Clarity standards: (new audit report)
o See print out
Audit opinions:
o Unqualified opinion: independent auditors judgment that a companys
financial records and statements are fairly and appropriately presented
and in accordance with GAAP. The most common opinion given.
Now called an unmodified opinion
o Qualified opinion: the information provided was limited in scope and
the company has not presented their financial records in accordance
with GAAP.
o Adverse opinion: opinion that the companys financial statements are
misrepresented, misstated, and do not reflect the companys financial
performance and health.
o Disclaimer of opinion: issued when the auditor is not independent or
when there is a limitation on scope imposed by the client so the
auditor is unable to obtain evidence to supply an appropriate opinion.
New client acceptance:
o Talk with the previous auditor of that company
o Identify the clients reason for needing the audit (going public, want to
sell the company)
o Send out an engagement letter to the potential client
o Develop an audit strategy (depends on the business and industry)
o Select the right staf to meet GAAS
o See if outside specialists are needed (people who know the business or
industry)
Audit risk:
o Refers to the risk that an auditor may issue an unmodified (unqualified)
report due to the auditors failure to detect material misstatements
either due to error or fraud.
o There are two types of audit risk:

Acceptable audit risk: is a measure of how willing the auditor is

to accept that the financial statements may be materially
misstated after the audit is complete and an unmodified opinion
has been issued.
Inherent risk: is a measure of the auditors assessment of the
likelihood that there are material misstatements in an account
balance before considering the efectiveness of internal control.
o Assessing risk is important to help determine the amount of evidence
needed to be accumulated.
Analytical procedures:
o Defined as evaluations of financial information made by a study of
plausible relationships among financial and nonfinancial data.
o Performed at any 3 times during an engagement:
In the planning phase
To determine the nature, extent, and timing of audit
procedures
During the testing phase
Substantive test in support of account balances
During the completion phase
Final review of audited financial statements (senior
partner)
o 5 types of analytical procedures:
Industry data
Similar prior-period data
Client-determined expected results
Auditor-determined expected results
Expected results using nonfinancial data
Testing of controls:
o 4 types of testing:
Make inquiries of appropriate client personnel
Examine documents, records, and reports
Observe control-related activities
Reperform client procedures
Work papers:
o Bank reconciliation