NINJA CPA REVIEW®
NINJA Notes 2016
Auditing & Attestation - DEMO
Table of Contents
The N.I.N.J.A. Framework
I. Engagement Planning 8
II. Internal Control 25
III. Auditing & IT 36
IV. Evidence & Risk 42
V. Audit Reports 57
VI. Audit Sampling 66
VII. Professional Responsibilities 77
VIII. International Auditing 84
2 The N.I.N.J.A. Framework
NAIL THE CONCEPTS
Watch your CPA Review videos first – before working any
assigned homework questions.
The CPA Review industry says to watch a section of CPA
Review video and then work the accompanying MCQs. This
perspective stems from the old-school approach to the paper
and pencil exam where you had to sit in a live classroom and
learn from an instructor on weekends.
Today, there is a smarter way to study. You don’t have to go
to a weekend live course. You can fire up the laptop on a
Tuesday morning and knock out two hours of material
before you even brush your teeth. If you work MCQs in week
one over your week one topic, guess what? You will work
them again in week 5 or 6 when you review because you will
forget what you learned.
If you watch a video in week one and score an 85 on the
corresponding MCQs, will you be able to score an 85 four
weeks later? Not likely. You will need to work them again
anyway and it’s not a smart use of study time.
Instead, let the N.I.N.J.A. Framework guide you.
INTENSE NOTES
Repeat after me: “PUT THE HIGHLIGHTER DOWN.”
Which method do you think will help you learn the material
better – painting printed words in a book with pretty
florescent colors or writing them down on a legal pad and
thinking about the information?
3 Grab a stack of legal pads, put the highlighter down, and
start writing.
Many people have said that instead of taking their own
notes, they just re-write the material inside of this study
guide, which is fine too.
NON-STOP MCQS
Now is the time to start working NINJA MCQ and do them
with a focused frenzy. Do so many MCQs that you’re
absolutely sick of them. As you encounter little “fact
nuggets” that you didn’t know or are prone to forget, write it
down and add it to your voluminous stack of notes.
JUST RE-WRITE IT
This is where it gets tedious. This is also where the payoff
happens. You may be familiar with the fact that if you had a
choice between $3 Million and 1¢ doubled daily for 31 days;
the penny doubled for 31 days ends up tripling the $3
Million. The payoff, however, doesn’t happen until the 31st
day. The road is long, but ends up being worth it in the end.
The same goes for re-writing your study notes. The thought
of grabbing that stack of legal pads and going to town rewriting what you’ve already written may sound like a
ridiculous suggestion at first, but I am a firm believer in its
impact.
Merely writing down your notes and then reviewing them
before your exam doesn’t have near the impact as taking
your furious scribbles and converting them into re-packaged,
easily-digestible “fact nuggets.”
Not only will your notes mean more when you’ve whittled
away the non-essentials, but you are actually learning the
4 material twice. Re-processing the material by re-writing your
notes is like letting the information marinade in your mind.
Just like a well-prepared steak, you will taste the payoff of
this extra step.
Don’t like taking notes? No problem. Re-write these
NINJA Notes instead. You will absorb the material better
vs. reading only.
Plan wisely because this will likely take a week to
complete.
“I have found this to be unbelievably helpful! This is now my
second section that I have followed this piece of advice and,
once again, I am amazed at how much the material "clicks"
as I review and write the notes a second time.
Sure, it's time-consuming, but for me, it is worth it. No
questions asked. Not only does it help with processing and
understanding the material, but it also results in a better,
more organized set of study notes to use for review up until
exam date.” – Sandy
ALL COMES TOGETHER
You have watched the videos. You’ve taken ridiculous notes
and have done hundreds (thousands?) of multiple-choice
questions. You’ve re-written your notes.
Now, study that stack of review Gold in your hands multiple
times, aim for a NINJA MCQ Trending Score of 85%
heading into exam day, study your notes even more, and
then go in and PASS the CPA Exam.
5 How to use NINJA Notes
READING
You've invested in the NINJA Notes, now let it go to battle
for you. You should read them as many times as possible.
Carry it with you wherever you go.
Do you have an iPhone®, iPad®, or similar device(s)?
Simply load the PDF onto the device and if you have 5
minutes of downtime, you have 5 minutes of study
time.
It is recommended that you read the NINJA Notes at least
five times leading up to your final two weeks of exam prep.
If you have 6 weeks to study, then you need to complete
this in 4 weeks. 5 weeks to study, then complete it in 3.
4 weeks = 2 weeks. You get the picture. The point is: plan,
plan, plan and budget, budget, budget, budget because
exam day is looming.
6-Week Plan: Approx. 87 pages x 5 reads /4 weeks
/ 7 days per week = Approx. 16 pages per day
5-Week Plan: Approx. 87 pages x 5 reads /3 weeks
/ 7 days per week = Approx. 21 pages per day
4-Week Plan: Approx. 87 pages x 5 reads /2 weeks
/ 7 days per week = Approx. 31 pages per day
3-Week Plan: Approx. 87 pages x 5 reads /1 weeks
/ 7 days per week = Approx. 62 pages per day
6 RE-WRITING
This step is optional, but it won over a lot of skeptics with its
results. This is not mainstream advice. This is the NINJA
way. The mainstream way of studying for the CPA Exam is
old-fashion and outdated.
Forget the old way. You are a NINJA now.
Now is the time to either
1. Re-write your own CPA Exam notes or
2. Re-Write the NINJA Notes.
Plan on investing a week doing this and you should expect to
get through 15 pages a day (Approx. 103 pages / 7) in order
to stay on track.
7 II. Internal Control
WHAT IS INTERNAL CONTROL?
Ø Internal Control provides reasonable assurance that
Ø Material Misstatements will be prevented
Ø Reliability & Integrity of Financial Statements will
be preserved
Ø Assets are protected against misuse
Ø Examination of Internal Control by management
required under Sarbanes-Oxley
o CEO/CFO must disclose deficiencies
o Management must assess Internal Controls
o Management must certify Financial Statements
Ø Has Inverse relationship with Substantive Testing
o Stronger Internal Controls = Less Testing Needed
o Weaker Internal Controls = More Testing Needed
8 THREE OBJECTIVES OF INTERNAL CONTROL
Reliability of Financial Reporting Operational Ef<iciency/Effectiveness Compliance with Law and Regulations FIVE COMPONENTS OF INTERNAL CONTROL
Control Environment Risk Assessment Control Activities Information and Communication Monitoring CONTROL ENVIRONMENT ASSESSMENT
Ø Sets tone for the entire company
Ø How are Management Integrity/Ethics?
Ø Is Management Competent?
Ø Healthy Organizational Structure?
Ø Appropriate HR Policies?
9 Ø Authority/Responsibility Assignments?
Ø What is Managements’ Style?
Ø Riskier with a dominant, aggressive individual(s)
Ø Are the Board/Audit Committee Actively Involved?
RISK ASSESSMENT
Ø Risk of Material Misstatement determines acceptable
level of Detection Risk
o Detection Risk determines Nature, Timing, Extent
of Auditing Procedures
Ø Rapid Growth?
o Risky
Ø How does Management
o Identify Risk?
o Estimate Significance?
Ø Any Major Changes to … ?
o Operations
o Personnel
o Systems
o IT
o Products
10 o Corporate Organization
o Foreign Ops
Ø When Control Risk is assessed to be at Maximum
o No Internal Control testing is performed
Ø When Control Risk is below Maximum
o Auditor tests Internal Controls
o Auditor evaluates Control Risk based on tests
o Auditor adjusts substantive tests accordingly
§ Weaker Internal Control = More testing
§ Stronger Internal Control = Less testing
CONTROL ACTIVITIES
Ø Performance Reviews
Ø Information Processing
Ø Physical Controls
Ø Segregation of Duties
INFORMATION AND COMMUNICATION
Ø Auditor needs to understand
o Major transaction classes
o Transaction initiation
11 o Support records/documents
o Transaction processing
o Financial Statement Internal Reporting process
o Financial Statement External Reporting process
Ø Auditor must Document understanding of Internal
Control via Memos, Flowcharts (easy to follow) and
Questionnaires (easy to complete)
Ø Understanding Internal Control allows the auditor to
determine
o Nature, Timing, and Extent of planned Audit
Procedures
o Risk of Material Misstatement
§ Were all transactions recorded?
§ Were they recorded timely?
§ Measured appropriately?
§ Recorded in correct period?
§ Presented and disclosed properly?
§ Did Management communicate their
responsibilities?
12 TESTING INTERNAL CONTROLS
Ø Auditor needs Reasonable Assurance that controls are
functioning as designed and effective
Ø Internal Control Testing should be strong as (IRON) so
that nothing gets past them
o Inquiry – Interview company personnel
o Re-performance – Can it be replicated?
o Observation – Watch the control be applied
o INspection – Dig into the details/documents
Ø If results are as expected, substantive procedures do
not need to be adjusted
Ø Controls tested by auditor in prior year can be used in
current year if they are re-tested every 3rd year
o Exception: Control has changed since audit
Ø If Internal Controls are deficient
o Control Risk increases
o Scope of Substantive Procedures increases
o Detection Risk decreases
o Material Weakness
§ Reasonable possibility (more than a remote
chance) that a material misstatement in
Financial Statement would not be found
13 Controls Reliable Controls NOT Reliable Control Risk = Lower Control Risk = Higher Acceptable Detection Risk = Higher Acceptable Detection Risk = Lower Continue substantive procedures for audit engagement as planned Stop testing controls and do more substantive audit procedures Ø Tracing
o Tests Completeness
o Starts with source document and traces forward to
the journal entry
Ø Vouching
o Tests Existence
o Starts with journal entry and searches for a
voucher or source document to support the entry.
14 Ø Tracing vs. Vouching and keeping it straight
o Think both T before V and C before E in alphabet
§ Tracing = Completeness
§ Vouching = Existence
SEGREGATION OF DUTIES
Ø Non-compatible duties
Ø Authorization of asset disbursement
Ø Recording of Assets
Ø Custody of assets
Ø If supporting audit evidence doesn’t exist
o Use Observation and Inquiry
Ø Accounting should be segregated from Production
Ø Employees who prepare vouchers/invoices should not
also have the authority to SIGN CHECKS
o Tip – Remember this as an underlying theme with
Segregation of Duties – authority to make a
payment should not also lie in the hands of those
creating invoices/vouchers. Why? People commit
fraud by setting up fake companies and basically
paying themselves
15 Ø Employees who have custody of assets should not also
RECORD those assets
o Someone in charge of petty cash should not also
control the petty cash records
Ø Treasury Department (custodians) should NOT have
record keeping duties
o They control assets and should not be able to
adjust any recording of those assets
CONTROL LIMITATIONS
Ø Controls can’t stop collusion or bad judgment
Ø Management can override controls
Ø Cost vs. Benefit relationship of Internal Control
REPORTING CONTROL DEFICIENCIES
Ø Material Weakness
o Reasonable possibility that controls will not
prevent a material misstatement
o Written report to management required
o Report declaring that no material weaknesses
were found is allowed
o Previous weaknesses reported that still exist
should be reported again
o Should be reported no later than 60 days after
audit report release date
16 o If one or more material weaknesses is uncorrected
at year-end, an Adverse Opinion on internal
control must be given
Ø Significant Deficiency
o Adversely affects company’s ability to report
Financial Statements in accordance with GAAP
o Important enough to “merit attention by those
responsible for oversight of the company’s
financial reporting”
o Written report to management required
o Report declaring that no significant deficiencies is
not allowed
o Previous deficiencies reported that still exist
should be reported again
o Should be reported no later than 60 days after
audit report release date
Ø Control Deficiency
o A control is not operating as intended
o Written report to management not required
17 USING WORK OF THIRD PARTIES
Ø Are they Competent?
Ø Are they Objective?
Ø Internal Auditors should fit this description
o On the CPA Exam, watch who they report to
§ Audit Committee? More objective
§ More reliance
§ Manager? Less Objective
§ Less reliance
Ø Auditor needs to understand the role of Internal
Auditors within the organization because their work
affects the audit plan
Ø Responsibility for judgments about materiality or
appropriateness of entries or estimates cannot be
shared with third parties like Internal Auditors
Ø Internal Auditors should be asked to do some of the
legwork like preparing schedules or running reports
o They should not be asked to make any decisions
or judgments
18 WARNING:
This AUD Demo only covers 13.5% of the material.
The other 86.5% could very well be the difference
between a 74 and a 75 on Score Release Day.
Breaks BEC into easily-digestible “Fact Nuggets”
Builds Exam Day Confidence
Reduces Study Stress and Anxiety
Successfully used on over 40,000 Exams
(yes, this number still shocks us too)
ü Pass and Get Your LIFE Back
ü
ü
ü
ü
ü Get NINJA Notes - http://tinyurl.com/ninja-notes-full
19