Part 1

******1. List the 10 Generally Accepted Auditing Standards, still in effect under the PCAOB, grouping them
by category.
General:
o Auditor must have adequate training and proficiency to perform the audit
o Auditor must maintain independence in mental attitude in regards to the audit
o Auditor must exercise due professional care when performing the audit
Field Work:
o Auditor must adequately plan the work and ensure the staff is properly supervised
o Auditor must have a sufficient understanding of the entities environment including
the internal controls
o Auditor must obtain sufficient appropriate audit evidence to support the opinion in
the report
Report:
o Auditor must state in the report whether the financial statements are presented in
accordance with GAAP
o Auditor must identify in the report circumstances in which such principles have not
been consistently observed in the current period
o Auditor must state in the report whether informative disclosures are not reasonably
adequate
o Auditor must provide an opinion or disclose an opinion of the financial statements
in the auditors report
2. What auditing standards are used to conduct an audit for a privately-held corporation before 12/15/2012?
What auditing standards are used to conduct an audit for a privately-held corporation after 12/15/2012? What
auditing standards are used to conduct an audit for a publicly held-and-traded corporation? What organization is
responsible for setting each of these sets of standards?
SASs and AUs are used on private companies prior to 12/15/2012. Set by the ASB
SASs and AU-Cs are used on private companies after 12/15/2012. Set by the ASB
ASs are used on public companies which are set by the PCAOB
Part 2
3. Briefly describe the Sarbanes-Oxley Act of 2002 (SOX). Be sure to mention (1) its primary objectives (i.e.
why was it passed?), and (2) 4 major aspects of the act. Some critics of SOX have stated that it will not deter
fraud do you agree or disagree? Defend your perspective on this claim with at least two factors that support
your viewpoint.
SOX was passed in reaction to many corporate and accounting scandals like Enron and Tyco.
Doesnt apply to private companies
Created PCAOB
Increased reporting responsibilities
Stricter independence rules
Audits of internal controls
I dont believe SOX will deter fraud because people who commit fraud start small and work their way up
to bigger amounts. Their mentality is if they got away with it once they will continue to get away with it.
They are not thinking about getting caught and think they are invincible

4. Sarah is auditing the sales of a new client. In one procedure Sarah performs, she begins with the original sales
documents and then searches the accounting records to find the corresponding entry. What test is Sarah
performing and what management assertion is she testing?
She is performing a Tracing Test and is testing managements Assertion of Completeness
******5. Several factors may influence the reliability of evidence. Identify and describe three of these factors.

The form of confirmation:

Prior experience with the entity:
The nature of the information being confirmed:
The intended respondent:

6. You are teaching a class of new hires at your international accounting firm. Explain the audit risk model
(show the audit risk formula in your answer) and define each term.
The audit risk model is a conceptual tool that helps determine the amount of audit effort that needs to be
put forth. There are some limitations: doesnt consider potential auditor error, desired level of audit risk
may not be achieved
Audit Risk= Inherent Risk x Control Risk x Detection Risk
Inherent Risk x Control Risk= Risk of Material Misstatement
Audit Risk: Risk of unknowingly failing to modify opinion on misstated financial statements
Inherent Risk: Risk of misstatements in accounts, assuming no controls
Control Risk: Risk that material misstatement will not be prevented or detected and corrected by
controls
Detection Risk: Risk that audit procedures do not detect material misstatement
7. Identify the three components of the fraud triangle and one risk factor related to each. (Note: I am asking for
the components of the fraud triangle not the attributes of fraud risk.)

Incentive/Pressure
o Excessive pressure for management to meet 3rd party expectations
Opportunity
o Deficient internal controls
Attitude/Rationalization
o Weak ethical standards for management behavior

Part 3
8. COSO developed an internal control framework consisting of five interrelated components of internal
control. List and briefly describe each.

Control Activities
o Policies and procedures that help ensure that management directives are carried out
The Entitys Risk Assessment Process
o Process and identifying business risk
Information System and Communication
o The information system is relevant to financial reporting objects
Monitoring Controls
o A process to assess the quality of internal controls performance over time
Control Environment
o Sets the tone of the organization. Attitudes, awareness, politics, and actions of management,
and the board of directors concerning the entitys internal control and its important in the
entity

9. In terms of an audit, define substantive strategy and reliance strategy. Include in your definition how the
different strategies relate to internal control. Which strategy would best relate to a lower control risk?
Substantive strategy: Auditor has decided not to rely on the entitys controls and instead use substantive
procedures as the main source of evidence about the assertions in the financial statements. Does Not rely
on the companys internal controls
Reliance Strategy: Auditor intends to reply on the entitys controls. Relies on the companys internal
controls
Reliance Strategy related to a lower risk
10. Define and discuss the differences between a control deficiency, a significant deficiency, a material
weakness, and the two dimensions of the control deficiency - likelihood and magnitude.

Control Deficiency: When the design or operation of a control does not allow management or
employees in the normal course of performing their assigned functions to prevent or detect
misstatements on a timely basis
Significant Deficiency: A deficiency or combination of deficiencies, in internal control over
financial reporting that is less severe than a material weakness , yet important enough to merit
attention by those responsible for oversight of the companys financial reporting
Material Weakness: A deficiency or combination of deficiencies, in internal control over financial
reporting, that there is a reasonable possibility that a material misstatement of the annual interim
financial statements will not be prevented or detected on a timely basis

Part 4
Chapter 17
11. Identify and define/describe the two primary types of subsequent events that require consideration by
management and evaluation by the auditor and give two examples of each type.
Type I Event: Conditions existed before the balance sheet date and affect estimates that are part of
financial statements. Ex. Lawsuits, Uncollectible accounts receivable due to bankruptcy

Type II Event: Conditions did not exist at the balance sheet date and do not affect the accuracy of the
financial statements. Ex. Tornado, Fire, Earthquake
Chapter 18
*****12. Discuss the conditions that prohibit the auditor from issuing an unqualified opinion (list three) and
discuss the types of reports (opinions/disclaimer) that the auditor may issue for a financial statement audit. Link
the opinions/disclaimer to the conditions.
1. Scope Limitation
2. Departure from GAAP
3. Lack of Auditor Independence
Qualified, Disclaimer, and Adverse
13. Discuss the circumstances when an auditor may modify the wording of the standard audit report yet still
give an unqualified/unmodified opinion.

Chapter 21
14. Internal auditors fall into two primary categories - assurance services and consulting services. Briefly
explain these two categories in relation to internal auditors.
Assurance Services: Involves the internal auditors objective assessment of evidence to provide an
independent opinion or conclusions regarding an entity, operation, function, process, system, or other
subject matter.
Consulting Services: Are advisory in nature, and are generally performed at the specific request of an
engagement client.
*****15. As with most professionals, internal auditors must follow guidelines promoting ethical conduct. The
IIA Code of Ethics is important for internal auditors because the reliability of their work depends on a
reputation for a high level of personal integrity. The Code of Ethics consists of four main principles of ethical
conduct and some associated rules that underpin the expected conduct of IIA members. List the four main
principles of the Code of Ethics and explain each.
1. Integrity
a. The integrity of internal auditors establishes trust and thus provides the basis for reliance
on their judgment.
2. Objectivity
a. Internal auditors exhibit the highest level of professional objectivity in gathering,
evaluating, and communicating information about the activity or process being examined.
Internal auditors make a balanced assessment of all the relevant circumstances and are not
unduly influenced by their own interests or by others in forming judgments.
3. Confidentiality
a. Internal auditors respect the value and ownership of information they receive and do not
disclose information without appropriate authority unless there is a legal or professional
obligation to do so.
4. Competency
a. Internal auditors apply the knowledge, skills, and experience needed in the performance of
internal audit services.

Chapter 18 Additional Question

******16.
(a) Identify the elements (as identified in Chapter 18) of the following audit report.
(b) If an explanatory paragraph(s) is present, explain its location within the audit report as compared to the
opinion paragraph (i.e., Why is it presented in the order in which it appears?). Also, explain the type of
explanatory paragraph(s).
(c) Identify the audit report appropriately as an integrated audit report, an audit report on the financial
statements, or an audit report on the effectiveness of internal controls. Integrated audit report
(d) Is this the audit of a public or private company? Without referencing the company specifically, what
aspects of the report did you use to decide that this was a public or private company? (Hint: There are
two aspects within the report that indicate the type of company this is.) Public
Report of Ernst & Young LLP, Independent Registered Public Accounting Firm
The Board of Directors and Stockholders
Amazon.com, Inc.
We have audited the accompanying consolidated balance sheets of Amazon.com, Inc. as of December 31, 2008 and 2007, and
the related consolidated statements of operations, stockholders equity, and cash flows for each of the three years in the period ended
December 31, 2008. Our audits also included the financial statement schedule listed in the Index at Item 15(a)(2). These financial
statements and schedule are the responsibility of the Companys management. Our responsibility is to express an opinion on these
financial statements and schedule based on our audits.
We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board (United States).
Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are
free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the
financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management,
as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion.
In our opinion, the financial statements referred to above present fairly, in all material respects, the consolidated financial
position of Amazon.com, Inc. at December 31, 2008 and 2007, and the consolidated results of its operations and its cash flows for
each of the three years in the period ended December 31, 2008, in conformity with U.S. generally accepted accounting principles.
Also, in our opinion, the related financial statement schedule, when considered in relation to the basic financial statements taken as a
whole, presents fairly in all material respects the information set forth therein.
As discussed in Note 1 to the consolidated financial statements, the Company adopted FASB Interpretation No. 48 Accounting
for Uncertainty in Income Taxes, effective January 1, 2007, and FASB No. 157 Fair Value Measurements, effective January 1, 2008.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the
effectiveness of Amazon.com, Inc.s internal control over financial reporting as of December 31, 2008, based on criteria established in
Internal ControlIntegrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission and our
report dated January 29, 2009 expressed an unqualified opinion thereon.
/s/ Ernst & Young LLP
Seattle, Washington
January 29, 2009