Aronyms ACE Client Acceptance, continuance, and extraordinary events that can lead to client rejection ORCA Objectives, Risks, and Controls must always allign CRIME Control Activities, Risk Assessment, Information and Communication Processes, Monitoring, Control Environment DAIF Domestic Annually Inspected Firms (largest 8 accounting firms) ExCUSME Existence, Communication, Understanding, Support, Monitoring, Enforcement (related to code of conduct/policies) CARDOFCPA Confidentiality, Anonymity, Real Time Assistance, Data Management Procedures, Organization Wide Availability, Follow up on Non Retaliation, Classification of financial reporting concerns, prominent communication, audit committee notification. (Related to the features of a well designed hotline) SIMONE Significant, Irremediable, Manual, Override, Non Recurring, Estimates (related to why we must evaluate PEFR) CAVIAR Completeness, Accuracy, Validity, Interface (these 4 relate to integrity), Availability, Restricted Access (confidentiality) This is related to application controls OTCGRAD Operating Risk, transaction risk, control risk, growth risk, regulation risk, accounting risk, distress risk, (types of risk to look for during RAP) ERM Enterprise Risk Management FOC Financial, operational, and compliance objectives. CRIME must take into account all three. SDLC System Development Life Cycle TLC Transaction Life Cycle
Overview of Integrated Audit An audit starts with the acceptance of a client or the continuance of a client or an extraodianary event that causes the auditor to drop the client. The next step is staffing the engagement properly. The auditor then understand’s the clients business and control architecture by making sure their objectives, risks, and controls are alligned and that their COSO framework is in place. The auditor will then evaluate control design and develop teting plans for these controls. After developing the plan the auditor will test...
Please join StudyMode to read the full document