Advanced External Auditing [AU2] Examination Blueprint

Transcription

1 Purpose Advanced External Auditing [AU2] Examination Blueprint The Advanced External Auditing [AU2] examination has been constructed using an examination blueprint. The blueprint, also referred to as the test specifications, outlines the content areas covered on the examination and the weighting allotted to each content area. This document also lists the topics, the level of competence for each topic, and the related learning objectives. The learning objectives have been designed to ensure that the competencies are met. In addition, information is provided on the proportion of each question type presented in the examination (that is, multiple choice, quantitative problems, and so on). Use Candidates should use the examination blueprint to prepare for the course examination. The blueprint may not include all the topics listed in the course materials; however, candidates are still responsible for acquiring a broad-based knowledge of all topics not listed in the blueprint since these topics will be tested in assignment and review questions. The topics not listed in the blueprint will also provide candidates with a greater depth of understanding of auditing concepts. Examination Objectives The objective of the 4-hour comprehensive examination is to test CGA candidates on the prerequisite knowledge required for advancement into PA1 and PA2, so as to ensure that the candidates have the broad-based knowledge in assurance needed to function properly in the association s capstone courses. Examination Guidelines for Questions i) Question Type The following are guidelines on the type of questions and their approximate weightings: Question Item Multiple-choice questions Short-answer and/or short case-type problems and/or a longer case-type problem of both a qualitative and quantitative nature. Description Questions may take a conceptual approach or they may require technical and analytical skills to derive the correct solution. Questions may focus on technical or analytical aspects of the material. Short, integrative cases may be used to pull together related issues. For example, a problem may require candidates to outline alternatives, supporting their recommendations with numerical analysis. Percentage 20-30% 70-80% ii) Question Content The following table is organized according to content area and provides information on topics, learning objectives, weighting, competencies and levels of competence. The competencies applicable to a particular module are identified independent of the learning objectives. Examination sessions: December 2014, June 2015 Page 1 of 21

2 Table 1. Advanced External Auditing [AU2] Examination Blueprint Content 1. Conceptual issues in assurance 10-15% 1.1 Value of audits: How assurance supports decisionmaking 1.2 Current challenges facing the auditing profession 1.3 The economics of audit 1.4 Role and objectives of standard-setters, regulators, and professional bodies 1.5 Corporate failures and the impact on the profession 1.6 Auditor independence and independence risk Assess the key drivers in the demand for audits and evaluate the impact of assurance services on decision-making. Evaluate the current challenges facing the auditing profession and propose solutions to address those challenges. Evaluate supply and demand issues related to the economics of audit. Evaluate the role of standardsetters, regulators, and professional bodies in protecting the public interest and advancing the assurance profession. Assess the impact of corporate failures on the public perception of auditing and the impact of the response by regulators and professional bodies on the assurance profession. Explain the importance of auditor independence and evaluate the threats and safeguards to independence in accordance with the Independence Standard. PR:SF:01: Anticipates and meets the needs and expectations of internal and external stakeholders (develops a sound understanding of the organization and its business environment, determines what information is needed by various stakeholders, seeks feedback from various stakeholders, provides relevant and timely information for decision making). PR:ET:04: Protects the public interest (maintains and raises the visibility of the ethical nature of the profession and professional accounting standards). PK:BE:06: Identifies, analyzes, and evaluates enterprise risk factors (market, legal, environmental, technological, operational). PK:BE:02: Advises on business decisions in the context of larger economic and geopolitical conditions (national and world economic conditions, government priorities, and financial markets). PR:ET:02: Exercises integrity and a high level of professional judgment. PR:ET:03: Maintains objectivity and independence in appearance and fact (avoids real and perceived conflicts of interest). PR:SF:02: Acts in the best interests of the stakeholders (represents stakeholders interests when changes are proposed to standards and regulations, informs stakeholders about anticipated changes and their potential impact). PK:AS:02: Determines and advises on whether to accept an engagement consistent with professional standards (evaluates potential clients, communicates with predecessor auditor, checks for conflict of interest). PR:PD:02: Contributes to research and technical advancements in the profession. PR:PD:03: Enhances the profession s image/reputation. PR:ET:01: Applies professional ethical standards (understands and follows the word and spirit of the Code of ethics of CPAt, takes action in response to situations that are contrary to the ethical code of the profession). PK:BE:03: Anticipates and recognizes market factors and stakeholders interests, and adapts business decisions and processes (changes to market share through acquisitions, diversification, or divestment of certain business units; supply chain management; customer relationship management; agency theory). PK:BE:04: Advises on business decisions in the context of the legal framework (business registration, benefits of incorporation, Examination sessions: December 2014, June 2015 Page 2 of 21

3 labour and employment laws, corporate and securities legislation). LD:SO:05: Manages change in the organization caused by internal and external factors (continuous process improvement). Content 2. Evidence gathering and reporting 10-15% 2.1 Roles and responsibilities of audit team members 2.2 Team and client relations 2.3 Professional judgment 2.4 Distinguishing types of risk 2.5 Evidence Explain the roles and responsibilities of audit team members throughout the audit phases. Evaluate the communication techniques for fostering a positive audit team environment, dealing with client personnel, and handling difficult client situations. Effectively plan, manage, execute, and follow up after team meetings, and distinguish between planning and debriefing meetings. Define professional judgment and explain why it is a critical element of the auditing profession. Evaluate the implications of the different types of risk faced by the auditor on the audit engagement: information, business, inherent, control, fraud, and audit risk. Determine how much and what types of evidence to gather. PK:BE:10: Advises on organizational structure (levels of responsibility and authority). PK:AS:05: Develops a plan for the engagement or management audit (staffing, use of specialists, time budget, technological tools, timing of the engagement, timing of the management audit). PR:SE:01: Acts within the scope of professional competence (does not attempt to provide expert advice in areas of specialized knowledge outside own capabilities and qualifications). LD:IT:01: Builds and motivates high-performance individuals and teams to achieve goals and objectives (recruits high-potential individuals; recognizes the value of and supports working with diverse and cross-functional teams). LD:IT:02: Leads and empowers individuals and teams to achieve the organization s goals and objectives (leads by example, commits self and team to achievement of goals, aligns personal and organizational interests, delegates authority and levels of decision making to team members). LD:IT:03: Distributes workload to balance accomplishment of work responsibilities with learning opportunities and challenges for team members. LD:IT:05: Evaluates performance of individuals and teams and provides timely and constructive feedback. PK:AS:02: Determines and advises on whether to accept an engagement consistent with professional standards (evaluates potential clients, communicates with predecessor auditor, checks for conflict of interest). PR:SF:01: Anticipates and meets the needs and expectations of internal and external stakeholders (develops a sound understanding of the organization and its business environment, determines what information is needed by various stakeholders, seeks feedback from various stakeholders, provides relevant and timely information for decision making). PR:SE:04: Evaluates own professionalism and professional knowledge (invites and accepts feedback from stakeholders). LD:IT:04: Solicits and acts on input from individuals and teams in order to optimize individual and team effectiveness (fosters free Examination sessions: December 2014, June 2015 Page 3 of 21

4 Identify the different types of 2.6 Types of misstatements in estimates: misstatements factual, judgmental, and projected. 2.7 Estimates Explain the role of estimation uncertainty in audit risk, evaluate the reasonableness of accounting estimates, and assess the impact of misstatements in fair value estimates. exchange of ideas, reserves judgment, explains reasons for final decisions). PR:CM:03: Communicates information in a timely, clear, and concise manner (explains quantitative and qualitative information in language adapted to various stakeholders). PR:CM:04: Projects a professional image in communications. PR:CM:05: Follows up to ensure that communications are clearly understood (both internal and external to the organization). PR:CM:06: Ensures effective meetings by developing agendas and minutes, and facilitating discussions. PR:CM:07: Facilitates resolution between differing viewpoints (business dispute resolution, contract negotiation, mediation). PR:ET:02: Exercises integrity and a high level of professional judgment. PR:ET:01: Applies professional ethical standards (understands and follows the word and spirit of the Code of ethics of CPA, takes action in response to situations that are contrary to the ethical code of the profession). LD:SO:08: Assumes leadership at various phases of planning, implementation, and evaluation (assesses risk, identifies direction, deals with uncertainty, plans and manages projects). PR:IA:01: Aggregates information from a variety of sources and perspectives to assess the impact of issues on the organization (obtains multiple opinions when evaluating contentious issues and reconciles these various opinions). PR:IA:02: Evaluates the interrelationship of an issue on different functions of the organization and applies concepts and approaches within and across functional areas to develop integrative solutions (coordinates the relevant accounting, assurance, finance, information technology, and taxation implications of events and transactions). PK:AS:04: Evaluates risks and business issues (nature of organization, control environment) to determine their impact on the engagement or management audit (extent, materiality, nature, and timing of engagement). PK:BE:06: Identifies, analyzes, and evaluates enterprise risk factors (market, legal, environmental, technological, operational). PK:AS:03: Determines the scope of the engagement or management audit (contents of engagement letter, client expectation, limitations on scope, timing, sign-offs). PR:PS:02: Collects, selects, verifies, and evaluates information relevant to the problem. PR:PS:03: Integrates and analyzes data for patterns, relationships, and trends. PR:SE:03: Applies professional skepticism (maintains an inquisitive mind that is vigilant for potential misstatements, Examination sessions: December 2014, June 2015 Page 4 of 21

5 considers where problems are likely to arise and monitors these areas). PK:FA:03: Researches, evaluates, and advises on the appropriate accounting treatment for complex transactions (step-by-step acquisitions, fair value determinations, encumbrances, endowment trusts, financial instruments). Examination sessions: December 2014, June 2015 Page 5 of 21

6 3. Strategic systems auditing 6-10% 3.1 Business risk 3.2 Analysis of the business and its strategy 3.3 Risk analysis and reduction 3.4 Business risk and audit risk 3.5 Business performance analysis and the financial statements 3.6 Strategic systems auditing and Canadian Auditing Standards Examine the impact of strategic systems auditing on the audit approach. Understand the relationship between client business risk and auditor engagement risk and how information technology affects client business risk. Document knowledge of the client s business, including information systems, and develop an audit plan for the audit of enterprise risk management. Design the audit process to include effective quality control standards for firms and design an audit plan to include specialist assistance and address high-risk engagements. Understand how changes in the levels of client business risk affect audit risk. Understand how business performance analysis impacts inherent risk and control risk assessments. Evaluate client business risk and set audit risk using CAS. PK:BE:06: Identifies, analyzes, and evaluates enterprise risk factors (market, legal, environmental, technological, operational). PK:AS:04: Evaluates risks and business issues (nature of organization, control environment) to determine their impact on the engagement or management audit (extent, materiality, nature, and timing of engagement). LD:OE:04: Conducts business process reviews of existing systems, processes, and controls within the organization (identifies, recommends, and evaluates enhancements, including policy, program, and process changes to effect cost containment and/or productivity improvements). LD:SO:02: Evaluates the organization s strengths, weaknesses, opportunities, and threats (reputation, process, finances, human resources, location, brand recognition, competition). PK:MA:01: Designs, evaluates, and advises on the organization s performance measures to ensure alignment with corporate strategy, and recommends changes as required (KPIs and balanced scorecards). PK:AS:09: Advises on the design and implementation of new or enhanced internal controls (to strengthen systems and operational controls, reduce exposure to business risks, enhance operating effectiveness, or comply with rules and regulations). PK:BE:08: Implements and advises on measures to mitigate enterprise risk (works with management to develop a risk management matrix). PK:FA:09: Develops, prepares, analyzes, and interprets relevant financial and non-financial performance measures (comparative financial results, trend/ratio/industry analysis, key performance indicators). PR:PS:03: Integrates and analyzes data for patterns, relationships, and trends. PR:IA:01: Aggregates information from a variety of sources and perspectives to assess the impact of issues on the organization (obtains multiple opinions when evaluating contentious issues and reconciles these various opinions). PK:AS:06: Develops and/or modifies procedures for the engagement or management audit (prepares review or audit procedures, modifies audit procedures in the presence of fraud risk factors or known errors). PK:AS:07: Executes the engagement or management audit in accordance with professional standards (understands the purpose of the selected procedures, completes audit procedures as intended). Examination sessions: December 2014, June 2015 Page 6 of 21

7 PR:ET:05: Plans and exercises due diligence (plans and constructs due diligence checklist for mergers and acquisitions or public listing cases; conducts financial statement reviews with financial due diligence; conducts operations and manages with due diligence). LD:OE:02: Designs, evaluates, and reports on internal control systems to ensure organizational effectiveness. PK:BE:07: Develops, evaluates, and advises on the organization s risk management policy and processes. Examination sessions: December 2014, June 2015 Page 7 of 21

8 4. Internal controls in a computerized environment 10-15% 4.1 Effect of information systems on the audit of internal controls and control risk 4.2 Control environment and risk assessment process 4.3 General computer controls 4.4 Audit of entity-level controls 4.5 Control activities, information and communication, and monitoring of controls 4.6 Tests of application controls Explain the impact of information systems on the audit of internal controls and control risk, citing relevant auditing standards. Assess the impact of the quality of IT governance and the control environment on the audit process and on control risk. Relate the client s risk assessment process to the nature of client information systems. Select control objectives for general computer controls and relevant general control policies or procedures. Decide how the quality of general computer controls affects control risk. Assess and select audit procedures for entity-level information systems controls. Relate the quality of entitylevel controls to control risk. Evaluate the impact on control risk of control activities, information and communication, and monitoring of controls pertaining to information systems. Evaluate the tests of key controls for batch and online processing. Relate manual, computer-assisted, and fully PK:FA:12: Evaluates and advises on financial accounting and related systems (cash management, accounts payable, accounts receivable, credit control, inventory). PK:IT:07: Evaluates and advises on the safeguarding of IT assets to ensure organizational ability to meet business objectives (analyzes and evaluates IT controls, control environment, systems acquisition and/or development). LD:OE:02: Designs, evaluates, and reports on internal control systems to ensure organizational effectiveness. PK:AS:04: Evaluates risks and business issues (nature of organization, control environment) to determine their impact on the engagement or management audit (extent, materiality, nature, and timing of engagement). PK:AS:08: Identifies, evaluates, and advises on internal control systems, and communicates weaknesses to the appropriate level of the organization (financial approval authority, credit control, segregation of duties, evaluation of fraud risk factors). PK:AS:06: Develops and/or modifies procedures for the engagement or management audit (prepares review or audit procedures, modifies audit procedures in the presence of fraud risk factors or known errors). PK:AS:07: Executes the engagement or management audit in accordance with professional standards (understands the purpose of the selected procedures, completes audit procedures as intended). PK:IT:05: Advises on the design, development, and implementation of IT projects including specific applications software (enterprise resource planning systems, user-acceptance testing, business requirements definition, installation upgrades; systems, methods, and procedures design; processing, data storage, input, and output design; conversion strategies for system delivery; design for application controls). PR:SE:02: Knows when and how to refer to other professionals and experts (seeks advice or refers clients in areas such as law, IT, financial instruments, international business development). PK:AS:05: Develops a plan for the engagement or management audit (staffing, use of specialists, time budget, technological tools, timing of the engagement, timing of the management audit). Examination sessions: December 2014, June 2015 Page 8 of 21

9 automated controls in the sales cycle to each audit assertion, and select audit tests for testing the controls. 4.7 Relying on service auditors reports 4.8 Using the work of internal audit Explain why the auditor may need to rely on a service auditor report and assess the impact of relevant audit standards on this decision. Assess the ability of internal auditors to assist the external auditor during the audit of a client s information systems, using current audit standards. Examination sessions: December 2014, June 2015 Page 9 of 21

10 5. Access controls and computer-assisted audit techniques 12-17% 5.1 Policies and standards for access controls 5.2 Physical and logical access controls 5.3 Data security and information privacy 5.4 Network and application security Evaluate the role and impact of effective access controls with respect to the phases of the financial statement audit process, and specify useful policies and standards for access controls using relevant frameworks. Describe the importance of physical and logical access controls to the assessment of control risk, and evaluate the impact of advanced systems such as ERP systems on the audit of access controls. Explain how a privacy framework can be used to contribute to an organization s privacy strategy, and evaluate the impact of such a strategy on assurance engagements. Explain how network and application security threats affect the financial statement audit, assess the quality of network security using COSO and CoCo, and apply effective network security to the payroll application cycle. PK:IT:07: Evaluates and advises on the safeguarding of IT assets to ensure organizational ability to meet business objectives (analyzes and evaluates IT controls, control environment, systems acquisition and/or development). PK:AS:08: Identifies, evaluates, and advises on internal control systems, and communicates weaknesses to the appropriate level of the organization (financial approval authority, credit control, segregation of duties, evaluation of fraud risk factors). PK:IT:08: Evaluates and advises on the development of IT disaster recovery plans (written procedures for off-site backup of data and system, order of recovery, succession plan). PR:ET:06: Ensures confidentiality of stakeholder information (protects proprietary information). PK:BE:04: Advises on business decisions in the context of the legal framework (business registration, benefits of incorporation, labour and employment laws, corporate and securities legislation). PK:IT:02: Selects and uses appropriate business technology tools in the workplace (spreadsheets, tax compliance software, generalized audit software, online knowledge bases). PK:AS:06: Develops and/or modifies procedures for the engagement or management audit (prepares review or audit procedures, modifies audit procedures in the presence of fraud risk factors or known errors). PR:PS:03: Integrates and analyzes data for patterns, relationships, and trends. PK:AS:07: Executes the engagement or management audit in accordance with professional standards (understands the purpose of the selected procedures, completes audit procedures as intended). 5.5 Types of CAATs and their benefits Assess the advantages and disadvantages of the different types of CAATs and relate them to the audit tests conducted by the financial statement auditor. Examination sessions: December 2014, June 2015 Page 10 of 21

11 5.6 Using CAATs for analytical review 5.7 Using systemoriented CAATs for testing controls 5.8 Using data-oriented CAATs in substantive testing Explain how CAATs and automated working paper products can be used in analytical review throughout the phases of the financial statement audit. Relate system-oriented CAATs to risk assessment, control testing, and the role of the information systems audit specialist. Relate data-oriented CAATs to risk assessment, tests of detail, and the role of the information systems audit specialist. Examination sessions: December 2014, June 2015 Page 11 of 21

12 6. Impact of e-commerce on controls 6-9% 6.1 Internet and webbased technologies used in organizations 6.2 Risk identification 6.3 Internal control considerations 6.4 Electronic audit evidence 6.5 Working with IT specialists Explain the effect of e- commerce, application service providers, service-oriented architecture, and the cloud on information systems processing and state the impact of independence rules on the information systems services that auditors can offer their clients. Describe the risks associated with organizational use of data communications systems (including the Internet and wireless computing), electronic data interchange, and electronic funds transfer. State the effect of e- commerce, wireless systems, payment card industry standards, and e-payment systems on the financial statement audit. Describe the characteristics of good-quality electronic audit evidence and explain how electronic working papers are controlled during and after the financial statement audit, including file freeze procedures. List the typical qualifications of IT specialists and explain the role of IT specialists on the financial statement audit team. PK:IT:04: Evaluates and advises on the impact of new technologies on business processes (e-commerce; Internet, intranet, and extranet technologies; biometrics). PK:AS:04: Evaluates risks and business issues (nature of organization, control environment) to determine their impact on the engagement or management audit (extent, materiality, nature, and timing of engagement). PK:AS:08: Identifies, evaluates, and advises on internal control systems, and communicates weaknesses to the appropriate level of the organization (financial approval authority, credit control, segregation of duties, evaluation of fraud risk factors). PK:IT:02: Selects and uses appropriate business technology tools in the workplace (spreadsheets, tax compliance software, generalized audit software, online knowledge bases). PK:AS:10: Analyzes and documents the evidence and results of the engagement or management audit to develop conclusions (prepares working papers with sufficient detail and clarity to support the conclusion). PR:SE:02: Knows when and how to refer to other professionals and experts (seeks advice or refers clients in areas such as law, IT, financial instruments, international business development). PR:SE:01: Acts within the scope of professional competence (does not attempt to provide expert advice in areas of specialized knowledge outside own capabilities and qualifications). PK:AS:01: Evaluates and consults on the organization s internal and external reporting needs and related assurance requirements (level of assurance required, attestation versus direct reporting audit, review or compilation engagement, special report engagement). PK:AS:06: Develops and/or modifies procedures for the engagement or management audit (prepares review or audit procedures, modifies audit procedures in the presence of fraud risk factors or known errors). PK:IT:07: Evaluates and advises on the safeguarding of IT assets to ensure organizational ability to meet business objectives (analyzes and evaluates IT controls, control environment, systems acquisition and/or development). 6.6 Continuous auditing Compare and contrast and XBRL continuous and traditional Examination sessions: December 2014, June 2015 Page 12 of 21

13 financial statement auditing, and explain the impact of a client s use of XBRL on the financial statement audit. 6.7 ISO and security seals Explain the role of the ISO in the development and certification of international standards and evaluate the advantages and disadvantages of WebTrust, SysTrust, and other information systems certifications. Examination sessions: December 2014, June 2015 Page 13 of 21

14 7. Fraud and forensic accounting 6-8% 7.1 Fraud risk 7.2 Management and auditor responsibilities 7.3 How auditors deal with earnings management 7.4 Preventive controls and detective procedures 7.5 Forensic accounting and fraud examination Evaluate a situation for fraud risk in terms of the components of the fraud triangle and explain the findings of recent fraud research studies. Differentiate between the responsibilities of management and the auditor in preventing and detecting fraud and illegal acts, and evaluate the effect of the expectation gap on the auditor s actions. Differentiate between efficient (appropriate) earnings management and opportunistic (inappropriate) earnings management, and evaluate the auditor s responsibilities when faced with inappropriate earnings management. Evaluate key controls organizations can use to prevent fraud and key detective procedures used by organizations and auditors to detect fraud. Differentiate between a financial statement audit and a fraud examination, and explain the elements that comprise a fraud examination, including the basic tools and techniques used by a fraud examiner. PK:AS:04: Evaluates risks and business issues (nature of organization, control environment) to determine their impact on the engagement or management audit (extent, materiality, nature, and timing of engagement). PK:FA:06: Ensures the preparation of timely, reliable, and relevant financial information (financial system design, quality control systems for financial reporting, internal controls). PR:SF:02: Acts in the best interests of the stakeholders (represents stakeholders interests when changes are proposed to standards and regulations, informs stakeholders about anticipated changes and their potential impact). PK:AS:11: Develops and advises on a framework for detection of fraud (payroll fraud, billing fraud, computer fraud, forensic investigation procedures). PR:SE:03: Applies professional skepticism (maintains an inquisitive mind that is vigilant for potential misstatements, considers where problems are likely to arise and monitors these areas). PK:AS:06: Develops and/or modifies procedures for the engagement or management audit (prepares review or audit procedures, modifies audit procedures in the presence of fraud risk factors or known errors). PK:AS:11: Develops and advises on a framework for detection of fraud (payroll fraud, billing fraud, computer fraud, forensic investigation procedures). PK:AS:08: Identifies, evaluates, and advises on internal control systems, and communicates weaknesses to the appropriate level of the organization (financial approval authority, credit control, segregation of duties, evaluation of fraud risk factors). PK:IT:04: Evaluates and advises on the impact of new technologies on business processes (e-commerce; Internet, intranet, and extranet technologies; biometrics). PR:PD:05: Applies new learning for the benefit of stakeholders. PK:IT:07: Evaluates and advises on the safeguarding of IT assets to ensure organizational ability to meet business objectives (analyzes and evaluates IT controls, control environment, systems acquisition and/or development). PK:BE:06: Identifies, analyzes, and evaluates enterprise risk factors (market, legal, environmental, technological, operational). Examination sessions: December 2014, June 2015 Page 14 of 21

15 7.6 Trends and emerging issues in IT 7.7 Current and emerging investigative techniques Evaluate the impact of emerging technology on the auditor, specifically in terms of external and internal fraud threats, and detective techniques for auditing through the computer. Explore current and emerging investigative techniques in the field of fraud examination, and determine which of these techniques can be applied in an audit of financial statements. Examination sessions: December 2014, June 2015 Page 15 of 21

16 8. Assorted topics in advanced auditing 8-10% 8.1 Subsequent events and subsequent discovery of a material misstatement 8.2 Comparatives 8.3 Communication with clients 8.4 Annual reports and MD&A 8.5 Foreign reporting 8.6 First-time engagements Explain what an auditor should do if a material misstatement is discovered in the financial statements both before and after an opinion has been issued. Distinguish between the terms comparative information and corresponding figures, and review the auditor's responsibilities and procedures with respect to comparative figures included in audited financial statements. State the issues that are communicated to management and those with oversight responsibility for the financial reporting process, and illustrate the forms of communication, including the purpose and use of management letters. Review the contents of the annual report, including the management discussion and analysis, and evaluate the auditor's associated responsibilities. Outline the auditor's responsibilities with respect to foreign reporting. Evaluate the basic areas of concern for first-time audits and appropriate actions that may be taken to address these concerns. Levels 2 & 3 PK:AS:06: Develops and/or modifies procedures for the engagement or management audit (prepares review or audit procedures, modifies audit procedures in the presence of fraud risk factors or known errors). PR:ET:04: Protects the public interest (maintains and raises the visibility of the ethical nature of the profession and professional accounting standards). PR:CM:01: Selects an appropriate medium to convey information, ideas, and results considering the need for confidentiality and privacy. PK:AS:12: Summarizes conclusions and prepares a report, letter, or memo (appropriate review or auditor s report, management letter, comfort letter, representation letter, memo to partner, exit interview, internal audit report). PK:AS:03: Determines the scope of the engagement or management audit (contents of engagement letter, client expectation, limitations on scope, timing, sign-offs). PK:AS:04: Evaluates risks and business issues (nature of organization, control environment) to determine their impact on the engagement or management audit (extent, materiality, nature, and timing of engagement). PK:AS:12: Summarizes conclusions and prepares a report, letter, or memo (appropriate review or auditor s report, management letter, comfort letter, representation letter, memo to partner, exit interview, internal audit report). PR:CM:02: Prepares information in formats appropriate for specific purposes (audit reports, memos, management letters, consulting reports, financial reports). PR:CM:04: Projects a professional image in communications. PK:AS:08: Identifies, evaluates, and advises on internal control systems, and communicates weaknesses to the appropriate level of the organization (financial approval authority, credit control, segregation of duties, evaluation of fraud risk factors). PK:AS:09: Advises on the design and implementation of new or enhanced internal controls (to strengthen systems and operational controls, reduce exposure to business risks, enhance operating effectiveness, or comply with rules and regulations). PK:AS:01: Evaluates and consults on the organization s internal and external reporting needs and related assurance requirements (level of assurance required, attestation versus direct reporting audit, review or compilation engagement, special report engagement). Examination sessions: December 2014, June 2015 Page 16 of 21

17 8.7 Small business audit issues 8.8 Audit of not-forprofit organizations 8.9 Public sector auditing 8.10 Second opinions Review the characteristics of a small business and assess their effect on audit considerations. Outline the characteristics of not-for-profit organizations and their audits, and describe considerations related to planning, audit evidence areas (including revenue recognition), and opinion reporting. Outline the types of public sector audits identified in the assurance standards, and describe the specific issues related to compliance and value-for-money audits. Determine the reasons for seeking a second opinion, and describe the procedures a public accountant follows when asked to provide one. Levels 1, 2, & 3 PR:SF:01: Anticipates and meets the needs and expectations of internal and external stakeholders (develops a sound understanding of the organization and its business environment, determines what information is needed by various stakeholders, seeks feedback from various stakeholders, provides relevant and timely information for decision making). PK:AS:02: Determines and advises on whether to accept an engagement consistent with professional standards (evaluates potential clients, communicates with predecessor auditor, checks for conflict of interest). PK:AS:13: Evaluates and reports on programs using comprehensive auditing (value-for-money audits, government program evaluations, operational audits). PR:ET:07: Demonstrates professional courtesy (notifies another firm that an issue has arisen about its work). Examination sessions: December 2014, June 2015 Page 17 of 21

18 9. Other engagements 8-10% 9.1 Review engagements 9.2 Review of interim financial statements 9.3 Other assurance engagements 9.4 Compilation engagements 9.5 Specified audit procedures 9.6 Auditor s involvement with offering documents 9.7 Auditor assistance to underwriters and others Explain the level of assurance provided by a review engagement, the accountant s role in performing one, and the standards that apply. Explain the considerations, standards, and reporting requirements related to the auditor s review of interim financial statements. Explain the considerations and requirements related to issuing a special report in compliance with agreements, statutes, and regulations. Explain a compilation engagement and the accountant s role in performing one. Explain the relevant factors in applying specified audit procedures to financial information other than financial statements. Explain the procedures, requirements, and communications related to an auditor s involvement with a prospectus and other offering documents. Explain the procedures, requirements, and communications related to an auditor s assistance to underwriters and others. PK:AS:01: Evaluates and consults on the organization s internal and external reporting needs and related assurance requirements (level of assurance required, attestation versus direct reporting audit, review or compilation engagement, special report engagement). PK:AS:03: Determines the scope of the engagement or management audit (contents of engagement letter, client expectation, limitations on scope, timing, sign-offs). PK:AS:04: Evaluates risks and business issues (nature of organization, control environment) to determine their impact on the engagement or management audit (extent, materiality, nature, and timing of engagement). PK:AS:06: Develops and/or modifies procedures for the engagement or management audit (prepares review or audit procedures, modifies audit procedures in the presence of fraud risk factors or known errors). PK:AS:12: Summarizes conclusions and prepares a report, letter, or memo (appropriate review or auditor s report, management letter, comfort letter, representation letter, memo to partner, exit interview, internal audit report). PK:FA:08: Prepares financial statements and related disclosures appropriate for external users and in compliance with regulatory standards (interim financial statements, pro forma statements, environmental impact, long-range forecasts, management discussion and analysis [MD&A]). PR:CM:02: Prepares information in formats appropriate for specific purposes (audit reports, memos, management letters, consulting reports, financial reports). PK:AS:09: Advises on the design and implementation of new or enhanced internal controls (to strengthen systems and operational controls, reduce exposure to business risks, enhance operating effectiveness, or comply with rules and regulations). PK:AS:08: Identifies, evaluates, and advises on internal control systems, and communicates weaknesses to the appropriate level of the organization (financial approval authority, credit control, segregation of duties, evaluation of fraud risk factors). LD:OE:02: Designs, evaluates, and reports on internal control systems to ensure organizational effectiveness. Examination sessions: December 2014, June 2015 Page 18 of 21

19 9.8 Auditor s consent to the use of the auditor s report in designated documents Explain the procedures, requirements, and communications related to the consent by an auditor to the use of the auditor s report in designated documents. 9.9 Special considerations 9.10 Forecasts and projections 9.11 Reporting on internal control over financial reporting Explain the procedures, requirements, standards, and communications for an audit of financial statements prepared in accordance with special purpose frameworks; an audit of a single financial statement; an audit of a specific element, account, or item of a financial statement; and an audit of consolidated financial statements. Distinguish between a forecast and a projection, explain when an examination of each one is required, and explain the related procedures, documentation, and reporting requirements. Describe the considerations related to an audit of internal control over the client s financial reporting processes that is integrated with an audit of the client s financial statements. Levels 2 & 3 Levels 2 & 3 Examination sessions: December 2014, June 2015 Page 19 of 21

20 10. Corporate governance, current issues, and future directions 4-6% 10.1 Corporate governance and audit committees 10.2 IT governance and alignment with business strategy 10.3 XBRL and cloud computing 10.4 Sustainability reporting and Analyze how corporate governance affects an organization s control environment and explain why it is important for the auditor to obtain an understanding of an organization s corporate governance. Review the various roles and functions of the board of directors and the audit committee with respect to corporate governance and explain how the auditor assesses the strengths and weaknesses of an organization s corporate governance. Evaluate the key components of an organization s IT governance, the importance of aligning it with an organization s overall business strategy, and why the auditor must assess IT governance. Design audit procedures for carrying out the assessment of IT governance. Describe the use of extensible Business Reporting Language (XBRL) and cloud computing, and evaluate the impact of these technologies on assurance engagements. Evaluate the issues relating to corporate responsibility and LD:OE:03: Advises on issues of corporate governance (audit committee independence, executive compensation, directors liability, board accountability). PK:IT:01: Advises on the development of IT strategy (IT strategic plans for financial accounting, reporting, and management information systems; strategies to support end-user computing; standards and practices for information systems as they relate to financial information, green IT). PK:IT:03: Aligns financial and related information systems with the organization s strategic and business plans (advises on systems that monitor and report on organizational performance, manages or controls the organizational information system as it relates to financial information). PR:SF:02: Acts in the best interests of the stakeholders (represents stakeholders interests when changes are proposed to standards and regulations, informs stakeholders about anticipated changes and their potential impact). LD:SO:05: Manages change in the organization caused by internal and external factors (continuous process improvement). PK:FA:02: Evaluates, interprets, and advises on accounting policies and procedures in accordance with professional standards (standards for not-for-profit, public, and private corporations, and the public sector). PK:FA:03: Researches, evaluates, and advises on the appropriate accounting treatment for complex transactions (step-by-step acquisitions, fair value determinations, encumbrances, endowment trusts, financial instruments). PR:PD:05: Applies new learning for the benefit of stakeholders. LD:SO:08: Assumes leadership at various phases of planning, implementation, and evaluation (assesses risk, identifies direction, deals with uncertainty, plans and manages projects). PR:SF:02: Acts in the best interests of the stakeholders (represents stakeholders interests when changes are proposed to standards and regulations, informs stakeholders about anticipated changes and their potential impact). PR:ET:04: Protects the public interest (maintains and raises the visibility of the ethical nature of the profession and professional accounting standards). PK:AS:01: Evaluates and consults on the organization s internal and external reporting needs and related assurance requirements (level of assurance required, attestation versus direct reporting audit, review or compilation engagement, special report Examination sessions: December 2014, June 2015 Page 20 of 21

21 environmental sustainability assurance as auditing well as environmental auditing. engagement). PK:AS:)04: Evaluates risks and business issues (nature of organization, control environment) to determine their impact on the engagement or management audit (extent, materiality, nature, and timing of engagement). PK:AS:)06: Develops and/or modifies procedures for the engagement or management audit (prepares review or audit procedures, modifies audit procedures in the presence of fraud risk factors or known errors). PK:IT:04: Evaluates and advises on the impact of new technologies on business processes (e-commerce; Internet, intranet, and extranet technologies; biometrics). PK:AS:14: Evaluates and reports on the environmental impacts of business activities (compliance with environmental regulations and required accounting standards). PR:SE:02: Knows when and how to refer to other professionals and experts (seeks advice or refers clients in areas such as law, IT, financial instruments, international business development). Examination sessions: December 2014, June 2015 Page 21 of 21