Boss

Aronyms ACE ­ Client Acceptance, continuance, and extraordinary events that can lead to client rejection ORCA ­ Objectives, Risks, and Controls must always allign CRIME ­ Control Activities, Risk Assessment, Information and Communication Processes, Monitoring, Control Environment DAIF ­ Domestic Annually Inspected Firms (largest 8 accounting firms) ExCUSME ­ Existence, Communication, Understanding, Support, Monitoring, Enforcement (related to code of conduct/policies) CARDOFCPA ­ Confidentiality, Anonymity, Real Time Assistance, Data Management Procedures, Organization Wide Availability, Follow up on Non Retaliation, Classification of financial reporting concerns, prominent communication, audit committee notification. (Related to the features of a well designed hotline) SIMONE ­ Significant, Irremediable, Manual, Override, Non Recurring, Estimates (related to why we must evaluate PEFR) CAVIAR ­ Completeness, Accuracy, Validity, Interface (these 4 relate to integrity), Availability, Restricted Access (confidentiality) This is related to application controls OTCGRAD ­ Operating Risk, transaction risk, control risk, growth risk, regulation risk, accounting risk, distress risk, (types of risk to look for during RAP) ERM ­ Enterprise Risk Management FOC ­ Financial, operational, and compliance objectives. CRIME must take into account all three. SDLC ­ System Development Life Cycle TLC ­ Transaction Life Cycle

Overview of Integrated Audit An audit starts with the acceptance of a client or the continuance of a client or an extraodianary event that causes the auditor to drop the client. The next step is staffing the engagement properly. The auditor then understand’s the clients business and control architecture by making sure their objectives, risks, and controls are alligned and that their COSO framework is in place. The auditor will then evaluate control design and develop teting plans for these controls. After developing the plan the auditor will test operating