shawn cook matthew {(ing

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

XAVIER BECERRA Attorney General of California SHAWN P. COOK Supervising Deputy Attorney General MATTHEW A. {(ING Deputy Attorney General State Bar No. 265691 300 So. Spring Street, Suite 1702 Los Angeles, CA 90013

Telephone: (213) 269-6303 Facsimile: (916) 731-2126 ~ ~ E-mail: [email protected]

Attorneysfor Complainant

BEFORE THE CALIFORNIA BOARD OF ACCOUNT ANCY DEPARTMENT OF CONSUMER AFFAIRS

STATE OF CALIFORNIA

' . .

~·~~.~

In the Matter of the Accusation Against:

MELODY YU 2366 Routh Dr. Rowland Heights, CA 91748

Certified Public Accountant Certificate No. 42967

Res ondent.

Case No. AC-2018-12

ACCUSATION

PARTIES

1. Patti Bowers (Complainant) brings this Accusation solely in her official capacity as

the Executive Officer of the California Board of Accountancy (CBA), Department of Consumer

Affairs.

2. On or about May 10, 1985, the CBA issued Certified Public Accountant Certificate

Number 42967 to Melody Yu (Respondent). The Certified Public Accountant Certificate was in

full force and effect at all times relevant to the charges brought herein and will expire on

December 31, 2020, unless renewed.

JURISDICTION

3. This Accusation is brought before the CBA under the authority of the following laws.

All section references are to the Business and Professions Code (Code) unless otherwise

indicated.

(MELODY YU) ACCUSATION (Case No. AC-2818-12)

mailto:[email protected]

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

4. Section 5109 of the Code states:

The expiration, cancellation, forfeiture, or suspension of a license, practice privilege, or other authority to practice public accountancy by operation of law or by order or decision of_the board or a court of law, the placement ofa license on a retired status, or the voluntary surrender ofa license by a licensee shall not deprive the board of jurisdiction to commence or proceed with any investigation of or action or disciplinary proceeding against the licensee, or to render a decision suspending or revoking the license.

STATUTORY PROVISIONS


(a) No person or firm may practice public accountancy under any name which is false or misleading.

(b) No person or firm may practice public accountancy under any name other than the name under which the person or firm holds a valid permit to practice issued by the board.

(c) Notwithstanding subdivision (b ), a sole proprietor may practice under a name other than the name set forth on his or her permit to practice, provided the name is registered by the board, is in good standing, and complies with the requirements of subdivision (a).

(d) The board may adopt regulations to implement, interpret, and make specific the provisions of this section including, but not limited to, regulations designating particular forms of names as being false or misleading.

6. Section 5062 of the Code states that "[a] licensee shall issue a report which conforms

to professional standards upon completion of a compilation, review or audit of financial

statements."

7. Section 5076 of the Code states in pertinent part:

(a) In order to renew its registration in an active status or convert to an active status, a firm, as defined in Section 5035.1, shall have a peer review report of its accounting and auditing practice accepted by a board-recognized peer review program no less frequently than every three years.

(b) For purposes of this article, the following definitions apply:

(1) 'Peer review' means a study, appraisal, or review conducted in accordance with professional standards of the professional work of a firm, and may include an evaluation ofother factors in accordance with the requirements specified by the board in regulations. The peer review report shall be issued by an individual who has a valid and current license, certificate, or permit to practice public accountancy from this state or another state and is unaffiliated with the firm being reviewed.

(2) 'Accounting and auditing practice' includes any services that were

2


2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

performed in the prior three years using professional standards defined by the board in regulations.

(c) The board shall adopt regulations as necessary to implement, interpret, and make specific the peer review requirements in this section, including, but not limited to, regulations specifying the requirements for board recognition of a peer review program, standards for administering a peer review, extensions of time for fulfilling the peer review requirement, exclusions from the peer review program, and document submission.

(d) Nothing in this section shall prohibit the board from initiating an investigation and imposing discipline against a firm or licensee, either as the result of a complaint that alleges violations of statutes, rules, or regulations, or from information contained in a peer review report received by the board.


(a) Audit documentation shall be a licensee's records ofthe procedures applied, the tests performed, the information obtained, and the pertinent conclusions reached in an audit engagement. Audit documentation shall include, but is not limited to, programs, analyses, memoranda, letters ofconfirmation and representation, copies or abstracts of company documents, and schedules or commentaries prepared or obtained by the licensee.

(b) Audit documentation shall contain sufficient documentation to enable a reviewer with relevant knowledge and experience, having no previous connection with the audit engagement, to understand the nature, timing, extent, and results of the auditing or other procedures performed, evidence obtained, and conclusions reached, and to determine the identity of the persons who performed and reviewed the work.

(c) Failure ofthe audit documentation to document the procedures applied, tests performed, evidence obtained, and relevant conclusions reached in an engagement shall raise a presumption that the procedures were not applied, tests were not performed, information was not obtained, and relevant conclusions were not reached. This presumption shall be a rebuttable presumption affecting the burden of proof relative to those portions of the audit that are not documented as required in subdivision (b). The burden may be met by a preponderance of the evidence.

(d) Audit documentation shall be maintained by a licensee for the longer of the following:

( 1) The minimum period of retention provided in subdivision ( e ).

(2) A period sufficient to satisfy professional standards and to comply with applicable laws and regulations.

(e) Audit documentation shall be maintained for a minimum of seven years which shall be extended during the pendency ofany board investigation, disciplinary action, or legal action involving the licensee or the licensee's firm. The board may adopt regulations to establish a different retention period for specific categories of audit documentation where the board finds that the nature of the documentation warrants it.

(t) Licensees shall maintain a written documentation retention and destruction policy that shall set forth the licensee's practices and procedures complying with this article.

3


2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28


After notice and hearing the board may revoke, suspend, or refuse to renew any permit or certificate granted under Article 4 ( commencing with Section 5070) and Article 5 ( commencing with Section 5080), or may censure the holder of that permit or certificate for unprofessional conduct that includes, but is not limited to, one or any combination of the following causes:

(a) Conviction ofany crime substantially related to the qualifications, functions and duties of a certified public accountant or a public accountant.

(b) A violation of Section 478, 498, or 499 dealing with false statements or omissions in the application for a license, in obtaining a certificate as a certified public accountant, in obtaining registration under this chapter, or in obtaining a permit to practice public accountancy under this chapter.

(c) Dishonesty, fraud, gross negligence, or repeated negligent acts committed in the same or different engagements, for the same or different clients, or any combination of engagements or clients, each resulting in a violation of applicable professional standards that indicate a lack of competency in the practice of public accountancy or in the performance of the bookkeeping operations described in Section 5052.

(d) Cancellation, revocation, or suspension of a certificate or other authority to practice as a certified public accountant or a public accountant, refusal to renew the certificate or other authority to practice as a certified public accountant or a public accountant, or any other discipline by any other state or foreign country.

(e) Violation of Section 5097.

(f) Violation of Section 5120.

(g) Willful violation of this chapter or any rule or regulation promulgated by the board under the authority granted under this chapter.

(h) Suspension or revocation of the right to practice before any governmental body or agency.

(i) Fiscal dishonesty or breach of fiduciary responsibility of any kind.

G) Knowing preparation, publication, or dissemination of false, fraudulent, or materially misleading financial statements, reports, or information.

(k) Embezzlement, theft, misappropriation of funds or property, or obtaining money, property, or other valuable consideration by fraudulent means or false pretenses.

(l) The imposition ofany discipline, penalty, or sanction on a registered public accounting firm or any associated person ofsuch firm, or both, or on any other holder of a permit, certificate, license, or other authority to practice in this state, by the Public Company Accounting Oversight Board or the United States Securities and Exchange Commission, or their designees under the Sarbanes-Oxley Act of 2002 or other federal legislation.

(m) Unlawfully engaging in the practice of public accountancy in another state.

4

(l'vlELODY YU) ACCUSATION (Case No. AC-2018-12)

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

10. Section 5100.5 of the Code states:

(a) After notice and hearing the board may, for unprofessional conduct, permanently restrict or limit the practice of a licensee or impose a probationary term or condition on a license, which prohibits the licensee from performing or engaging in any of the acts or services described in Section 5051.

(b) A licensee may petition the board pursuant to Section 5115 for reduction of penalty or reinstatement of the privilege to engage in the service or act restricted or limited by the board.

(c) The authority or sanctions provided by this section are in addition to any other civil, criminal, or administrative penalties or sanctions provided by law, and do not supplant, but are cumulative to, other disciplinary authority, penalties, or sanctions.

(d) Failure to comply with any restriction or limitation imposed by the board pursuant to this section is grounds for revocation of the license.

(e) For purposes of this section, both of the following shall apply:

(1) "Unprofessional conduct" includes, but is not limited to, those grounds for discipline or denial listed in Section 5100.

(2) "Permanently restrict or limit the practice of' includes, but is not limited to, the prohibition on engaging in or performing any attestation engagement, audits, or compilations.

REGULATORY PROVISIONS

11. California Code of Regulations, title 16, section 41 states:

A firm shall enroll with a Board-recognized peer review program provider, and shall cooperate with the Board-recognized peer review program provider with which the firm is enrolled to arrange, schedule, and complete a peer review, in addition to taking and completing any remedial or corrective actions prescribed by the Boardrecognized peer review program provider.


(a) Beginning on January 1, 2014, at the time of renewal, a licensee shall report to the Board specific peer review information as required on Form PR-I (Rev. 11/17), which is hereby incorporated by reference.

(b) Prior to January 1, 2014, the date for existing California licensees to report peer review results, on the form indicated in subsection (a), shall be based on the licensee's license number according to the following schedule: for license numbers ending with 0 1-33 the reporting date is no later than July l, 2011; for license numbers ending with 34-66 the reporting date is no later than July 1, 2012; for license numbers

5

(lVlELODY YU) ACCUSATION (Case No. AC-2018-12)

2

3

4

5

6

7

8

9

IO

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

ending with 67-00 the reporting date is no later than July I, 2013.

(c) A licensee's willful making of any false, fraudulent, or misleading statement, as part of, or in support of, his/her peer review reporting shall constitute cause for disciplinary action pursuant to Section 51 OO(g) of the Accountancy Act. Failure to submit a completed Form PR-I (Rev. 11/17) shall be grounds for nonrenewal or disciplinary action pursuant to Section 51 OO(g) of the Accountancy Act.

13. California Code of Regulations, title 16, section 5 8 states:

Licensees engaged in the practice of public accountancy shall comply with all applicable professional standards, including but not limited to generally accepted accounting principles and generally accepted auditing standards.


No sole proprietor may practice under a name other than the name set forth on his or her permit to practice unless such name has been registered with the Board. Any registration issued under this section shall expire five years after the date of issuance unless renewed prior to its expiration.

15. California Code of Regulations, title 16, section 68.2 states:

(a) To provide for the identification of audit documentation, audit documentation shall include an index or guide to the audit documentation which identifies the components of the audit documentation.

(b) In addition to the requirements of Business and Professions Code Section 5097(b), audit documentation shall provide the date the document or working paper was completed by the preparer(s) and any reviewer(s), and shall include the identity of the preparer(s) and any reviewer(s).

(c) Audit documentation shall include both the report date and the date of issuance of the report.

16. California Code of Regulations, title 16, section 68.4 states:

(a) Audit documentation that is not completed prior to the date of issuance of the report shall be completed during the document assembly period specified in this subsection.

(I) The document assembly period is the 60-day period following the date of issuance of the report. If the report is not issued in connection with such an engagement, the document assembly period ends 60 days after the date that the fieldwork was completed. If the auditor was unable to complete such an engagement, then the document assembly period ends 60 days from the date the engagement ceased.

Ill

6

(l\IBLODY YU) ACCUSATION (Case No. AC-2018-12)

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

(2) Notwithstanding the document assembly period specified in paragraph (1) of this subsection, licensees shall comply with applicable professional standards specifying a shorter document assembly period.

(b) After the end of the document assembly period, any, removal, deletion, substitution, or editing of audit documentation, is prohibited. Additions to audit documentation shall comply with the requirements in subsection ( c ).

(c) In addition to any other documentation required by professional standards, any addition to audit documentation after the end of the document assembly period shall include the following: 1) the reason for the addition, 2) the identity of the persons preparing and approving the addition, and 3) the date of the addition. The documentation which is added shall contain sufficient detail to enable a reviewer with relevant knowledge and experience, having no previous connection with the audit engagement, to understand the nature, timing, reason for, and extent of the addition.

(d) Nothing in this section authorizes the deferral of audit procedures required to be performed prior to the date of issuance of the report.


(a) 80 Hours. As a condition for renewing a license in an active status, a licensee shall complete at least 80 hours of continuing education in the two-year period immediately preceding license expiration, and meet the reporting requirements described in Section 89(a). A licensee engaged in the practice ofpublic accountancy as defined in Section 5051 of the Business and Professions Code is required to hold a license in an active status. No carryover of continuing education is permitted from one license renewal period to another.

(1) A licensee renewing a license in an active status, shall complete a minimum of 20 hours in each year of the two-year license renewal period, with a minimum of 12 hours ofthe required 20 hours in technical subject areas as described in subsection (a)(2).

(2) Licensees shall complete a minimum of 50 percent of the required continuing education hours in the following technical subject areas: accounting, auditing, fraud, taxation, consulting, financial planning, ethics as defined in subsection (b ), regulatory review as defined in Section 87.8, computer and information technology (except for word processing), and specialized industry or government practices that focus primarily upon the maintenance and/or enhancement of the public accounting skills and knowledge needed to competently practice public accounting.

(3) Licensees may claim no more than 50 percent of the required number of continuing education hours in the following non-technical subject areas: communication skills, word processing, sales, marketing, motivational techniques, negotiation skills, office management, practice management, and personnel management.

(4) Programs in the following subject areas are not acceptable continuing education: personal growth, self-realization, spirituality, personal health and/or fitness, sports and recreation, foreign languages and cultures and other subjects which will not contribute directly to the professional competence of the licensee.

(b) Ethics Continuing Education Requirement

7

(lvlELODY YU) ACCUSATION (Case No. AC-2018-12)

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

A licensee renewing a license in an active status shall complete four hours of the 80 hours of continuing education required pursuant to subsection (a) in an ethics course. The course subject matter shall consist of one or more of the following areas: a review ofnationally recognized codes ofconduct emphasizing how the codes relate to professional responsibilities; case-based instruction focusing on real-life situational learning; ethical dilemmas facing the accounting profession; or business ethics, ethical sensitivity, and consumer expectations. Programs in the following subject areas are not acceptable toward meeting this requirement: sexual harassment, workplace harassment, or workplace violence. Courses must be a minimum of one hour as described in Section 88.2.

(c) Government Auditing Continuing Education Requirement.

A licensee who engages in planning, directing, conducting substantial portions of field work, or reporting on financial or compliance audits of a governmental agency shall complete 24 hours of the 80 hours required pursuant to subsection (a) in the areas of governmental accounting, auditing or related subjects. This continuing education shall be completed in the same two-year license renewal period as the report is issued. A governmental agency is defined as any department, office, commission, authority, board, government-owned corporation, or other independent establishment of any branch of federal, state or local government. Related subjects are those which maintain or enhance the licensee's knowledge of governmental operations, laws, regulations or reports; any special requirements of governmental agencies; subjects related to the specific or unique environment in which the audited entity operates; and other auditing subjects which may be appropriate to government auditing engagements. A licensee who meets the requirements ofthis subsection shall be deemed to have met the requirements of subsection ( d).

(d) Accounting and Auditing Continuing Education Requirement.

A licensee who engages in planning, directing, performing substantial portions ofthe work, or reporting on an audit, review, compilation, or attestation service, shall complete 24 hours of the 80 hours of continuing education required pursuant to subsection (a) in the course subject matter pertaining to financial statement preparation and/or reporting (whether such statements are prepared on the basis of generally accepted accounting principles or other comprehensive bases of accounting), auditing, reviews, compilations, industry accounting, attestation services, or assurance services. This continuing education shall be completed in the same two-year license renewal period as the report is issued.

(e) Accounting and Auditing Continuing Education Requirement When Providing Preparation Engagements as Highest Level of Service.

A licensee who provided preparation engagements as his/her highest level of service shall complete eight hours of the 80 hours of continuing education required pursuant to subsection (a) in preparation engagements or accounting and auditing as described in Section 87( d).

(f) A licensee who must complete continuing education pursuant to subsections (c), (d), or (e) of this section shall also complete an additional four hours of continuing education specifically related to the prevention, detection, and/or reporting of fraud affecting financial statements. This continuing education shall be part of the 80 hours of continuing education required by subsection (a), but shall not be part of the continuing education required by subsections (c), (d), or (e).

(g) Failure to Comply.

8


1

2

3

4

5

6

7

8

9

IO

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

A licensee's willful failure to comply with the requirements ofthis section shall constitute cause for disciplinary action pursuant to Section 51 OO(g) of the Accountancy Act.

PROFESSIONAL STANDARDS

18. The auditing standards in effect at the time of the Plan audit were the American

Institute of CPAs (AICPA) Clarified Statements on Auditing Standards (SASs) and Audit and

Accounting Guide for Employee Benefit Plans (AAG-EBP). The SASs applied to Respondent's

audit of the Plan pursuant to California Code of Regulations, title 16, section 58. (Sections of the

SASs are designated by the "AU-C" identifier.) The AAG-EBP is non-authoritative, but

Respondent should have been prepared to address her compliance with SAS provisions addressed

by the auditing guidance.

19. AU-C 200.03 states:

An auditor is associated with financial information when the auditor has applied procedures sufficient to permit the auditor to report in accordance with GAAS. Statements on Standards for Accounting and Review Services address the accountant's considerations when the accountant prepares and presents financial statements to the entity or to third parties.

20. AU-C 200.04 states:

The purpose of an audit is to provide financial statement users with an opinion by the auditor on whether the financial statements are presented fairly, in all material respects, in accordance with an applicable financial reporting framework, which enhances the degree of confidence that intended users can place in the financial statements. An audit conducted in accordance with GAAS and relevant ethical requirements enables the auditor to form that opinion. (Ref: par..A I)

2 I. AU-C 200.06 states:

As the basis for the auditor's opinion, GAAS require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. Reasonable assurance is a high, but not absolute, level of assurance. It is obtained when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (that is, the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated) to an acceptably low level. Reasonable assurance is not an absolute level of assurance because there are inherent limitations of an audit that result in most ofthe audit evidence, on which the auditor draws conclusions and bases the auditor's opinion, being persuasive rather than conclusive. (Ref: par. .A32-.A56)

Ill

9

(fvfELODY YU) ACCUSATION (Case No. AC-2018-12)

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

22. AU-C 200.22 states:

The auditor should not represent compliance with GAAS in the auditor's report unless the auditor has complied with the requirements of this section and all other AU-C sections relevant to the audit.

23. AU-C 200.25 states:

GAAS use the following two categories of professional requirements, identified by specific terms, to describe the degree of responsibility it imposes on auditors:

• Unconditional requirements. The auditor must comply with an unconditional requirement in all cases in which such requirement is relevant. GAAS use the word "must" to indicate an unconditional requirement.

• Presumptively mandatory requirements. The auditor must comply with a presumptively mandatory requirement in all cases in which such a requirement is relevant except in rare circumstances discussed in paragraph .26. GMS use the word "should" to indicate a presumptively mandatory requirement. (Ref: par ..A 79)

24. AU-C 210.10 states:

The agreed-upon terms of the audit engagement should be documented in an audit engagement letter or other suitable form of written agreement and should include the following: (Ref: par..A22-.A26)

a. The objective and scope ofthe audit of the financial statements

b. The responsibilities of the auditor

c. The responsibilities of management

d. A statement that because ofthe inherent limitations ofan audit, together with the inherent limitations of internal control, an unavoidable risk exists that some material misstatements may not be detected, even though the audit is properly planned and performed in accordance with GAAS

e. Identification of the applicable financial reporting framework for the preparation of the financial statements

f Reference to the expected form and content of any reports to be issued by the auditor and a statement that circumstances may arise in which a report may differ from its expected form and content

IO


2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

25. AU-C 210.16 states:

If the terms of the audit engagement are changed, the auditor and management should agree on and document the new terms of the engagement in an engagement letter or other suitable form of written agreement.

26. AU-C 230.02 states:

Audit documentation that meets the requirements of this section and the specific documentation requirements of other relevant AU-C sections provides

a. evidence of the auditor's basis for a conclusion about the achievement of the overall objectives of the auditor; and

b. evidence that the audit was planned and performed in accordance with generally accepted auditing standards (GAAS) and applicable legal and regulatory requirements.

27. AU-C 230.03 states:

Audit documentation serves a number of additional purposes, including the following:

• Assisting the engagement team to plan and perform the audit

• Assisting members of the engagement team responsible for supervision to direct and supervise the audit work and to discharge their review responsibilities in accordance with section 220, Quality Control for an Engagement Conducted in Accordance With Generally Accepted Auditing Standards

• Enabling the engagement team to demonstrate that it is accountable for its work by documenting the procedures performed, the audit evidence examined, and the conclusions reached

• Retaining a record of matters of continuing significance to future audits of the same entity

• Enabling the conduct of quality control reviews and inspections in accordance with QC section 10, A Firm's System ofQuality Control

• Enabling the conduct of external inspections or peer reviews in accordance with applicable legal, regulatory, or other requirements

• Assisting an auditor who reviews a predecessor auditor's audit documentation

• Assisting auditors to understand the work performed in the prior year as an aid in planning and performing the current engagement

Ill

11


2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

28. AU-C 230.08 states:

The auditor should prepare audit documentation that is sufficient to enable an experienced auditor, having no previous connection with the audit, to understand (Ref: par ..A4-.A7 and .Al9-.A20)

a. the nature, timing, and extent of the audit procedures performed to comply with GAAS and applicable legal and regulatory requirements; (Ref: par ..A8-.A9)

b. the results of the audit procedures performed, and the audit evidence obtained; and

c. significant findings or issues arising during the audit, the conclusions reached thereon, and significant professional judgments made in reaching those conclusions. (Ref: par ..Al0-.Al3)

29. AU-C 230.09 states:

In documenting the nature, timing, and extent of audit procedures performed, the auditor should record

a. the identifying characteristics of the specific items or matters tested; (Ref: par..Al4)

b. who performed the audit work and the date such work was completed; and

c. who reviewed the audit work performed and the date and extent of such review. (Ref: par ..Al5)

30. AU-C 230.13 states:

If, in rare circumstances, the auditor judges it necessary to depart from a relevant presumptively mandatory requirement, the auditor must document the justification for the departure and how the alternative audit procedures performed in the circumstances were sufficient to achieve the intent of that requirement. (Ref: par..A2 l-.A22)

31. AU-C 230.14 states:

When responses to inquiries of management, those charged with governance, or others are inconsistent or otherwise unsatisfactory (for example, vague or implausible), the auditor should further investigate the inconsistencies or unsatisfactory responses.

Ill

Ill

12


2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

32. AU-C 240.22 states:

Based on analytical procedures performed as part.of risk assessment procedures, the auditor should evaluate whether unusual or unexpected relationships that have been identified indicate risks of material misstatement due to fraud. To the extent not already included, the analytical procedures, and evaluation thereof, should include procedures relating to revenue accounts. (Ref: par ..A24-.A26 and .A46)

33. AU-C 240.26 states:

When identifying and assessing the risks ofmaterial misstatement due to fraud, the auditor should, based on a presumption that risks of fraud exist in revenue recognition, evaluate which types ofrevenue, revenue transactions, or assertions give rise to such risks. Paragraph .46 specifies the documentation required when the auditor concludes that the presumption is not applicable in the circumstances of the engagement and, accordingly, has not identified revenue recognition as a risk of material misstatement due to fraud. (Ref: par. A33-.A35)

34. AU-C 240.32 states:

Even if specific risks of material misstatement due to fraud are not identified by the auditor, a possibility exists that management override of controls could occur. Accordingly, the auditor should address the risk of management override of controls apart from any conclusions regarding the existence of more specifically identifiable risks by designing and performing audit procedures to

a. test the appropriateness ofjournal entries recorded in the general ledger and other adjustments made in the preparation of the financial statements, including entries posted directly to financial statement drafts. In designing and performing audit procedures for such tests, the auditor should (Ref: par. A47-.A50 and .A55)

i. obtain an understanding of the entity's financial reporting process and controls over journal entries and other adjustments, and the suitability of design and implementation of such controls;

ii. make inquiries of individuals involved in the financial reporting process about inappropriate or unusual activity relating to the processing ofjournal entries and other adjustments;

iii. consider fraud risk indicators, the nature and complexity of accounts, and entries processed outside the normal course of business;

iv. select journal entries and other adjustments made at the end of a reporting period; and

v. consider the need to test journal entries and other adjustments throughout the period.

b. review accounting estimates for biases and evaluate whether the circumstances producing the bias, if any, represent a risk of material misstatement due to fraud. In performing this review, the auditor should

13

{MELODY YU) ACCUSATION (Case No. AC-2018-12)

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

i. evaluate whether the judgments and decisions made by management in making the accounting estimates included in the financial statements, even if they are individually reasonable, indicate a possible bias on the part of the entity's management that may represent a risk of material misstatement due to fraud. If so, the auditor should reevaluate the accounting estimates taken as a whole, and

ii. perform a retrospective review of management judgments and assumptions related to significant accounting estimates reflected in the financial statements of the prior year. Estimates selected for review should include those that are based on highly sensitive assumptions or are otherwise significantly affected by judgments made by management. (Ref: par..A5 l-.A53)

c. evaluate, for significant transactions that are outside the normal course of business for the entity or that otherwise appear to be unusual given the auditor's understanding of the entity and its environment and other information obtained during the audit, whether the business rationale ( or the lack thereof) of the transactions suggests that they may have been entered into to engage in fraudulent financial reporting or to conceal misappropriation of assets. (Ref: par ..A54)

35. AU-C 240.43 states:

The auditor should include in the audit documentation of the auditor's understanding of the entity and its environment and the assessment of the risks of material misstatement required by section 315 the following:

a. The significant decisions reached during the discussion among the engagement team regarding the susceptibility of the entity's financial statements to material misstatement due to fraud, and how and when the discussion occurred and the audit team members who participated

b. The identified and assessed risks of material misstatement due to fraud at the financial statement level and at the assertion level (See paragraphs .16-.2 7.)

36. AU-C 240.44 states:

The auditor should include in the audit documentation of the auditor's responses to the assessed risks of material misstatement required by section 330 the following:

a. The overall responses to the assessed risks of material misstatement due to fraud at the financial statement level and the nature, timing, and extent of audit procedures, and the linkage of those procedures with the assessed risks of material misstatement due to fraud at the assertion level

b. The results of the audit procedures, including those designed to address the risk of management override of controls

Ill

14


2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

37. AU-C 240.45 states:

The auditor should include in the audit documentation communications about fraud made to management, those charged with governance, regulators, and others.

38. AU-C 240.46 states:

If the auditor has concluded that the presumption that there is a risk ofmaterial misstatement due to fraud related to revenue recognition is overcome in the circumstances of the engagement, the auditor should include in the audit documentation the reasons for that conclusion.

39. AU-C 315.06 states:

The risk assessment procedures should include the following:

a. Inquiries of management, appropriate individuals within the internal audit function (if such function exists), others within the entity who, in the auditor's professional judgment, may have information that is likely to assist in identifying risks of material misstatement due to fraud or error (Ref: par..A6-.A 13)

b. Analytical procedures (Ref: par..A14-.A17)

c. Observation and inspection (Ref: par . .A18)

40. AU-C 315.26 states:

To provide a basis for designing and performing further audit procedures, the auditor should identify and assess the risks of material misstatement at

a. the financial statement level and (Ref: par..A 122-.A125)

b. the relevant assertion level for classes of transactions, account balances, and disclosures. (Ref: par..A 126-.A133)

41. AU-C 315.27 states:

For this purpose, the auditor should

a. identify risks throughout the process of obtaining an understanding of the entity and its environment, including relevant controls that relate to the risks, by considering the classes of transactions, account balances, and disclosures in the financial statements; (Ref: par..Al34-.A 135)

b. assess the identified risks and evaluate whether they relate more pervasively to the financial statements as a whole and potentially affect many assertions;

15


2

3

4

5

6

7

8

9

IO

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

c. relate the identified risks to what can go wrong at the relevant assertion level, taking account of relevant controls that the auditor intends to test; and (Ref: par . .A136-.A138)

d. consider the likelihood of misstatement, including the possibility ofmultiple misstatements, and whether the potential misstatement is of a magnitude that could result in a material misstatement.

42. AU-C 330.03 states:

The objective of the auditor is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement through designing and implementing appropriate responses to those risks.

43. AU-C 330.06 states:

The auditor should design and perform further audit procedures whose nature, timing, and extent are based on, and are responsive to, the assessed risks of material misstatement at the relevant assertion level. (Ref: par ..A4-.A9)

44. AU-C 330.08 states:

The auditor should design and perform tests of controls to obtain sufficient appropriate audit evidence about the operating effectiveness of relevant controls if

a. the auditor's assessment of risks of material misstatement at the relevant assertion level includes an expectation that the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing, and extent of substantive procedures) or

b. substantive procedures alone cannot provide sufficient appropriate audit evidence at the relevant assertion level. (Ref: par..A2 I-.A26)

45. AU-C 330.14 states:

If the auditor plans to use audit evidence from a previous audit about the operating effectiveness of specific controls, the auditor should perform audit procedures to establish the continuing relevance of that information to the current audit. The auditor should obtain this evidence by performing inquiry, combined with observation or inspection, to confirm the understanding of those specific controls, and

a. if there have been changes that affect the continuing relevance of the audit evidence from the previous audit, the auditor should test the controls in the current audit. (Ref: par ..A39)

b. if there have not been such changes, the auditor should test the controls at

16

(TvlELODY YU) ACCUSATION (Case No. AC-2018-12)

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

least once in every third audit and should test some controls during each audit to avoid the possibility of testing all the controls on which the auditor intends to rely in a single audit period with no testing of controls in the subsequent two audit periods. (Ref: par..A40-.A42)

46. AU-C 330.15 states:

If the auditor plans to rely on controls over a risk the auditor has determined to be a significant risk, the auditor should test the operating effectiveness of those controls in the current period.

47. AU-C 402.01 states:

This section addresses the user auditor's responsibility for obtaining sufficient appropriate audit evidence in an audit of the financial statements of a user entity that uses one or more service organizations. Specifically, it expands on how the user auditor applies section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, and section 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained, in obtaining an understanding of the user entity, including internal control relevant to the audit, sufficient to identify and assess the risks of material misstatement and in designing and performing further audit procedures responsive to those risks.

48. AU-C 402.03 states:

Services provided by a service organization are relevant to the audit of a user entity's financial statements when those services and the controls over them affect the user entity's information system, including related business processes, relevant to financial reporting. Although most controls at the service organization are likely to relate to financial reporting, other controls also may be relevant to the audit, such as controls over the safeguarding of assets. A service organization's services are part of a user entity's information system, including related business processes, relevant to financial reporting if these services affect any of the following:

a. The classes of transactions in the user entity's operations that are significant to the user entity's financial statements;

b. The procedures within both IT and manual systems by which the user entity's transactions are initiated, authorized, recorded, processed, corrected as necessary, transferred to the general ledger, and reported in the financial statements;

c. The related accounting records, supporting information, and specific accounts in the user entity's financial statements that are used to initiate, authorize, record, process, and report the user entity's transactions. This includes the correction of incorrect information and how information is transferred to the general ledger; the records may be in either manual or electronic form;

d. How the user entity's information system captures events and conditions, other than transactions, that are significant to the financial statements;

e. The financial reporting process used to prepare the user entity's financial statements, including significant accounting estimates and disclosures; and

17

(rvfELODY YU) ACCUSATION (Case No. AC-2018-12)

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

f. Controls surrounding journal entries, including nonstandard journal entries used to record nonrecurring, unusual transactions, or adjustments.

49. AU-C 402.12 states:

If the user auditor is unable to obtain a sufficient understanding from the user entity, the user auditor should obtain that understanding from one or more of the following procedures:

a. Obtaining and reading a type 1 or type 2 report, if available

b. Contacting the service organization, through the user entity, to obtain specific information

c. Visiting the service organization and performing procedures that will provide the necessary information about the relevant controls at the service organization

d. Using another auditor to perform procedures that will provide the necessary information about the relevant controls at the service organization (Ref: par..Al 5-.A20)

50. AU-C 500.A2 states:

Most of the auditor's work in forming the auditor's op1mon consists of obtaining and evaluating audit evidence. Audit procedures to obtain audit evidence can include inspection, observation, confirmation, recalculation, reperforrnance, and analytical procedures, often in some combination, in addition to inquiry. Although inquiry may provide important audit evidence and may even produce evidence of a misstatement, inquiry alone ordinarily does not provide sufficient audit evidence of the absence of a material misstatement at the assertion level, nor is inquiry alone sufficient to test the operating effectiveness of controls.

51. AU-C 580.04 states:

Although written representations provide necessary audit evidence, they complement other auditing procedures and do not provide sufficient appropriate audit evidence on their own about any of the matters with which they deal. Furthermore, obtaining reliable written representations does not affect the nature or extent ofother audit procedures that the auditor applies to obtain audit evidence about the fulfillment of management's responsibilities or about specific assertions.

52. AU-C 580.10 states:

The auditor should request management to provide a written representation that it has fulfilled its responsibility, as set out in the terms of the audit engagement,

a. for the preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework; and

18

(?vlELODY YU) ACCUSATION (Case No. AC-2018-12)

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

b. for the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error. (Ref: par. .A7-.A I 0, .A22, and .A29)

53. AU-C 580.11 states:

The auditor should request management to provide written representations that

a. it has provided the auditor with all relevant information and access, as agreed upon in the terms of the audit engagement, and

b. all transactions have been recorded and are reflected in the financial statements. (Ref: par ..A7-.A10, .A22, and .A29)

54. AU-C 580.12 states:

The auditor should request management to provide written representations that it

a. acknowledges its responsibility for the design, implementation, and maintenance of internal controls to prevent and detect fraud;

b. has disclosed to the auditor the results of its assessment of the risk that the financial statements may be materially misstated as a result of fraud;

c. has disclosed to the auditor its knowledge of fraud or suspected fraud affecting the entity involving

i. management,

ii. employees who have significant roles in internal control, or

iii. others when the fraud could have a material effect on the financial statements; and

d. has disclosed to the auditor its knowledge of any allegations of fraud or suspected fraud affecting the entity's financial statements communicated by employees, former employees, regulators, or others. (Ref: par..A 11)

55. AU-C 580.14 states:

The auditor should request management to provide written representations about whether it believes the effects of uncorrected misstatements are immaterial, individually and in the aggregate, to the financial statements as a whole. A summary of such items should be included in, or attached to, the written representation. (Ref: par..Al2)

19


2

3

4

5

6

7

8

9

IO

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

56. AU-C 580.17 states:

The auditor should request management to provide written representations that (Ref: par ..Al5-.Al6)

a. it has disclosed to the auditor the identity of the entity's related parties and all the related party relationships and transactions of which it is aware and

b. it has appropriately accounted for and disclosed such relationships and transactions.

57. AU-C Section 700, entitled "Forming an Opinion and Reporting on Financial

Statements" addresses the auditor's responsibility to form an opinion on the financial

statements. It also addresses the form and content of the auditor's report as a result of an

audit of financial statements.

58. AU-C Section 700.26 states:

The auditor's report should include a section with the heading "Management's Responsibility for the Financial Statements."


The auditor's report should include a section with the heading "Auditor's Responsibility."


The auditor's report should include a section with the heading "Opinion."

61. AAG-EBP 6.16 states:

A SAS No. 70 report may provide the most efficient means to obtain an understanding ofrelevant controls at the service organization. Reading the entire SAS No. 70 document could help the auditor to determine if there are any instances of noncompliance with the service organization's controls identified in (a) the service auditor's report, (b) the attached service organizations description of controls, and (c) the information provided by the service auditor, which may include a description of tests of operating effectiveness and other information. If the service organization's SAS No. 70 repbrt identifies instances of noncompliance with the service organization's controls, the plan auditor may consider the effect ofthe findings on the assessed level of control risk for the audit of the plan's financial statements, and as a result the plan auditor may decide to perform additional tests at the service organization or, ifpossible, perform additional audit procedures at the plan. In certain situations the SAS No. 70 report may identify instances of noncompliance with the service organization's controls but the plan auditor concludes that no additional tests

20

(l'vffiLODY YU) ACCUSATION (Case No. AC-2018-12)

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

or audit procedures are required because the noncompliance does not affect the assessment of control risk for the plan. It is important for the user auditor to read and consider both the report and the evidence provided by the tests of operating effectiveness and relate them to the relevant assertions in the user organization's financial statements. Although a type 2 report may be used to reduce substantive procedures, neither a type 1 nor a type 2 report is designed to provide a basis for assessing control risk sufficiently low to eliminate the need for performing any substantive tests for all of the assertions relevant to significant account balances or transaction classes. Paragraph .51 of AU section 318 (SAS No. 110), Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (AICPA, Professional Standards, vol. I), states that regardless of the assessed risk of material misstatement, the auditor should design and perform substantive procedures for all relevant assertions related to each material class of transactions, account balance, and disclosure.

62. AAG-EBP 7 .54 states:

The objectives of auditing procedures applied to participant loans are to provide the auditor with a reasonable basis for concluding-

a. Whether all participant loans exist.

b. Whether the participant loans are recorded and are properly valued in conformity with GAAP.


The auditing procedures to be applied to participant loans may include-

a. Examining participant loan documentation supporting loans.

b. Confirming loans with participants.

c. Testing that interest is properly recorded.

d. Testing whether the loans were made in conformance with the plan document.

e. Reviewing financial statement classification to ascertain that participant loans are properly reported as plan investments and included in the supplemental Schedule H, line 4i-Schedule of Assets (Held at End of Year).

f Determining whether delinquent loans should be reclassified as distributions. This determination is dependent on the terms of the plan document and related plan policies and procedures. Participant loans in default at year-end should be disclosed on the Form 5500, Schedule G, Part I, Schedule of Loans or Fixed Income Obligations in Default or Classified as Uncollectible. The written terms of the plan, the plan sponsor's written provisions concerning participant loans, and the loan documents determine when a loan is in default. The fact that the participant pays tax on the amount of the loan does not necessarily mean the loan is considered to be

21


2

3

4

5

6

7

8

9

IO

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

canceled and should be recorded as a distribution in the financial statements. A participant may pay tax on a loan balance because the tax rules have been violated. Depending on the nature of the plan and the plan terms, the loan may remain due and payable, interest may still accrue and the loan may continue to be reported as a plan investment on the financial statements and as an obligation in default on the Form 5500 schedule until it is actually repaid, the default cured in some other manner or the loan is considered to be cancelled and therefore is recorded as a distribution. A plan may call for a previous loan to be considered to be distributed to a participant and considered to be cancelled in the event the participant goes into default or otherwise violates the provisions of the documents. In this case, the loan ceases to exist and should be shown as a distribution. The loan is last reported on the Form 5500, Schedule G, Part I, Schedule ofLoans or Fixed Income Obligations in Default or Classified as Uncollectible, if applicable, in the year prior to the year it is canceled and considered to be distributed. Do not report in Form 5500, Schedule G Part I, participant loans under an individual account plan with investment experience segregated for each account, that are made in accordance with 29 CFR 2550.408b-1, and that are secured solely by a portion of the participant's vested accrued benefit.

g. Ascertaining that participant loans considered to be delinquent based on the terms of the plan document and related plan policies and procedures are included in the supplemental Schedule G, Part I, Schedule ofLoans or Fixed Income Obligations in Default or Classified as Uncollectible. Delinquent loans are considered to be assets held for investment purposes.


The objectives of auditing procedures applied to benefit payments for employee benefit plans are to provide the auditor with a reasonable basis for concluding-

a. Whether the payments are in accordance with plan provisions and related documents.

b. Whether the payments are made to or on behalf of persons entitled to them and only to such persons (that is, that benefit payments are not being made to deceased beneficiaries or to persons other than eligible participants and beneficiaries).

c. Whether transactions are recorded in the proper account, amount, and period.


Examples of substantive procedures for benefit payments include

a. For selected participants receiving benefit payments-

( I) Examining the participant's file for type and amount of claim and propriety of required approvals including tracing approval of benefit payments to board of trustees or administrative committee minutes, if applicable. For health and welfare benefit plans, examining service provider statements or other evidence of service rendered.

22

(rvIBLODY YU) ACCUSATION (Case No. AC-2018-12)

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

(2) Evaluating the participant's or beneficiary's eligibility (that is, whether the payee meets the plan's eligibility requirements) by examining evidence of age and employment history data; comparing employment dates, credited service, earnings, and any employee contributions to payroll or other appropriate records; and examining the benefit election form and dependent designation to determine appropriateness of payment, including the form of distribution (for example, lump sum, installments, or annuity contract).

(3) For plan benefits, such as death and disability benefits, examining a copy of the death certificate and beneficiary form, physician's statement, and other appropriate documents.

(4) Recomputing benefits based on the plan instrument and related documents, option elected, and pertinent service or salary history. For complex benefit calculations, such as lump sum benefit payments or conversion of an account balance to an annuity, consider using the assistance of an actuary in evaluating the method and assumptions used in the benefit calculation. Verifying that all contributions, income and expenses have been properly posted to participant's account prior to making the distribution.

(5) Recomputing forfeited participant balances based on the vesting provisions of the plan and pertinent service history.

(6) Comparing the benefit payment amount to cash disbursement records or trustee reports. Reviewing trade reports to determine that correct investments were liquidated at distribution.

(7) For health and welfare plans, comparing the payment of premiums to an insurance company, prepaid health plan or similar organization on behalf of a participant to the participant's eligibility records.

(8) For benefit payments received directly by participants, testing receipt of the benefit payment. This can be accomplished by a number of methods, such as comparing canceled checks with the plan's cash disbursement records, comparing the payee name or account name on electronic funds transfers to the participant or beneficiary name, or confirming payment of benefits by corresponding directly with selected participants, service providers, and beneficiaries and comparing signatures with the application for plan benefits, service provider statements, or other appropriate documents. In addition, the auditor may want to consider inquiring as to the existence and frequency of participant complaints.

b. Evaluating whether procedures exist for determining the continued eligibility of participants or beneficiaries to receive benefits to assure that individuals are removed from the benefit rolls upon death and that payments made to individuals over an unusually long number of years are still appropriate.

c. Evaluating whether procedures exist for investigating long-outstanding benefit checks.

d. For defined contribution plans, comparing disbursements to participants with individual participant's account records that have been examined in accordance with

23

(JvfELODY YU) ACCUSATION (Case No. AC-2018-12)

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

the auditing procedures in paragraphs 10.14-.16.

e. For defined contribution pension plans, reviewing the criteria used by the plan to record benefit payments and determining that the benefit payments have been recorded in accordance with generally accepted accounting principles. Refer to paragraph 3.52m for guidance in reporting benefit payments on the statement of net assets available for benefits.

f For health and welfare plans, reviewing the criteria used by the plan to record benefit payments, and determining that the benefit payments have been recorded in accordance with generally accepted accounting principles. Refer to paragraphs 4.71-.93 for more complete guidance.

g. For cash balance or pension equity plans (paragraph 2.04), reviewing the accumulation of the participants' hypothetical "accounts" including the interest rate credited in accordance with the terms of the plan document.


The objectives of auditing procedures applied to participant data are to provide the auditor with a reasonable basis for concluding (a) whether all covered employees have been properly included in employee eligibility records and, if applicable, in contribution reports and (b) whether accurate participant data for eligible employees


Examples of substantive procedures for testing the employer's participant records include-

a. Reviewing pertinent sections of the plan instrument and collective bargaining agreement, if applicable, as a basis for considering what participant data to test in the audit of the plan's financial statements.

b. Testing the summarization ofthe payroll journal and schedules ofparticipant data, if applicable, and tracing postings of gross pay to general or subsidiary ledger accounts.

c. Testing payroll data for one or more pay periods and for a number of participants by-Tracing the individual payrolls from the payroll journal to the participants' earnings records. For participants paid on an hourly or piecework basis, testing payroll hours, production tickets, or other supporting evidence and testing the computation of hours. Testing rates of pay to authorizations or union contracts. Testing calculations of earnings. Reviewing personnel files for hiring notice and employment data, pay rates and rate changes, termination notice, sex, birth date, and so forth.

d. If participant files are maintained in the custody of the plan administrator or record keeper, testing whether the data maintained in those files correspond to the

24


https://4.71-.93

https://10.14-.16

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

data maintained in employer payroll and personnel files.


Procedures that the auditor may apply to individual participant accounts (rather than at the plan level) include-

a. Obtaining an understanding of how allocations are to be made. This may include reviewing pertinent sections of the plan instrument or collective bargaining agreement and discussion with plan administrator.

b. Testing the allocation of income or loss, appreciation or depreciation in value of investments, administrative expenses, and amounts forfeited for selected accounts. The testing of internal controls over this area may be addressed in the SAS No. 70 report of the record keeper for the plan's investment. To reduce the amount of substantive testing, consider relying on a SAS No. 70 report, if available (provided the SAS No. 70 report covers those areas).

c. Testing the allocation of the employer's contribution. (The testing of internal controls over this area may be addressed in the SAS No. 70 report ofthe record keeper for the plan's investment.)

d. For plans with participant contributions, determining whether individual contributions are being credited to the proper participant accounts and to the investment medium selected by the participant, if applicable. Where participants make contribution or investment elections by telephone or electronic means (such as the Internet or Intranet), consider confirming contribution percentage and source (pretax or post tax) and investment election directly with the participant or compare to a transaction report, ifone is maintained. Determine that contributions are properly classified and invested according to the participants' investment election. (The testing of internal controls over this area may be addressed in the SAS No. 70 report of the record keeper for the plan's investment.)

e. Determining whether the sum of individual accounts reconciles with the total net assets are available for benefits. Depending on the existing internal control, nature of SAS No. 70 reports and the results of other auditing procedures, the auditor may also wish to confirm contributions and other pertinent information directly with participants.


The objective of auditing procedures applied to administrative expenses is to provide the auditor with a reasonable basis for concluding whether those expenses are in accordance with agreements, are properly classified, and are recorded in appropriate amounts and periods.


Examples of substantive procedures for administrative expenses include-

a. Analyzing the account and examining supporting invoices, documents, and computations.

25


2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

b. Reviewing the terms of the plan instrument and the minutes of the board of trustees or administrative committee to determine that administrative expenses were properly authorized.

c. If the plan employs a contract administrator, reviewing the contract and testing to ascertain that the services contracted for were performed and that payments were in accordance with the terms of the contract.

d. If one office functions as a service organization for several plans and administrative expenses are allocated because they are not directly associated with a specific plan, reviewing the allocation to determine that it is appropriate and determining that the method of allocation selected was approved by the board of trustees or administrative committee.

e. Determining that fees charged by trustees, investment advisors, and others are in accordance with the respective agreements.


Guidance on the auditor's procedures relating to subsequent events is provided in SAS No. 1, section 560, Subsequent Events (AICPA, Professional Standards, vol. 1, AU sec. 560). The following auditing procedures generally should be applied for all employee benefit plans. The list is not all-inclusive and may be modified to suit the circumstances of a specific engagement.

a. Reviewing minutes of committee meetings through the date of the auditor's report.

b. Obtaining supplemental legal representations if there is a significant period between the date of the plan's legal counsel's response and the date of the auditor's report.

c. Obtaining the plan's interim financial statements (trustee and record keeper statements) for a period subsequent to the audit date, if they are available, comparing them with the financial statements being audited, and investigating any unusual fluctuations.

d. Inquiring of and discussing with the plan administrator or other parties performing the plan's management function-

- Abnormal disposal or purchase of investments since year-end.

- Mergers or spin-offs of plan assets.

- Amendments to plan and trust instruments and insurance contracts.

- Matters involving unusual terminations of participants, such as termination arising from a sale of a division or layoffs.

- Changes in plan commitments or contingent liabilities.

26


2

3

4

5

6

7

8

9

l O

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

- Adverse financial conditions of the Plan sponsor.

-Any review or inquiry by the DOL, the IRS, or other regulatory agency of the plan's activities or filings since the last audit (a review or inquiry might arise, for example, from enforcement activities, from a request for an advisory opinion, or from a request for a prohibited transaction exemption).

COST RECOVERY AND ADMINISTRATIVE PENALTY

72. Section 5107, subdivision (a), of the Code provides, in pertinent part, that the CBA

may request the administrative law judge to direct a the holder of a permit or certificate found to

have committed a violation or violations of the Accountancy Act (Code section 5000, et seq.) to

pay a sum not to exceed the reasonable costs of the investigation and enforcement of the case,

with failure of the licentiate to comply subjecting the license to not being renewed or reinstated.

73. Section 5116 of the Code provides, in pertinent part, that the CBA may order a

licensee to pay an administrative penalty as part of a disciplinary proceeding.

FACTUAL ALLEGATIONS

A. Respondent Failed to Fulfill Peer Review and Continuing Education

Requirements

74. On January 1, 2010, peer review became mandatory for California-licensed

accounting firms, as defined in section 5035.1. The requirement applies to firms that performed

accounting and auditing services using at least one of five professional standards within three

years before applying for license renewal. A firm in an active status must undergo a peer review

before renewing its license. All licensees must report whether they are subject to peer review.

75. Licensees with license numbers ending in Ol through 3 3 were required to report by

July l, 2011. Those with license numbers ending in 34 through 66 were required to report by July

l, 2012. Licensees, such as Respondent, with license numbers ending in 67 through 00 were

required to report by July l, 2013.

76. On or about March 11, 2015, the CBA received a complaint from the AICPA

concerning firms it suspected of auditing financial statements without complying with their

states' peer review requirements. The AICPA complaint stated that Respondent had audited the

financial statements of FEI's 401 (k) Plan for the year ended December 31, 2012. The complaint

27


2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

included a Form 5500 Annual Return/Report of Employee Benefit Plan and an "Independent

Auditor's Report" dated July 3, 2013, signed by "Melody Yu, CPA & Co."

77. On or about April 2, 2015, the CBA opened an investigation based on the AICPA's

complaint.

78. On or about May 15, 2015, the CBA notified Respondent by mail of the AICPA's

complaint and requested inter alia a listing of services Respondent provided to clients; a listing of

attest engagements for which a report was issued for the periods January l, 2011 to December 31,

2012, and January 1, 2013 to December 31, 2014; a copy of Respondent's highest level financial

statement product; and proof that Respondent underwent peer review.

79. On or about June 1 and June 11, 2015, Respondent submitted a response to the CBA.

80. The CBA's investigation discovered that Respondent failed to undergo a peer review

and, further, that she reported information to the CBA about her peer review compliance that she

knew or should have known was false, including claiming exemption from the peer review

requirement when she was not exempt.

81. On or about June 16, 201 0; June 19, 2011; and August 15, 2012, Respondent issued

an auditor's report.

82. On or about September 11, 2012, the California Society of CPAs (CalCPA) infonned

Respondent that she needed to complete her peer review by December 31, 2012.

83. Sometime between September 11, 2012 and October 26, 2012, Respondent submitted

to the peer reviewer an engagement letter and compiled financial statement. She represented that

the compiled financial statement was not expected to be used by a third party and that only the

financial statement, not the report, was provided to the client. Based on this false information,

CalCPA informed Respondent on November 20, 2012 that she was not subject to peer review.

84. In Respondent's response to the CBA on or about May 21, 2015, she stated she had

undergone peer review in 2012 when, in fact and as she well knew, she did not undergo peer

review (because she falsely represented to the peer reviewer that the highest service she

performed was a compilation with no report).

85. On or about November 20, 2012, Respondent provided a false statement on her Peer

28


2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

Review Reporting Form. In response to the question, "Did your firm perform any accounting and

auditing services that require you to undergo a peer review?," Respondent answered in the

negative when, in fact and as she well knew, she had provided accounting and auditing services

that required her to undergo a peer review.

86. On or about May 28, 2013, Respondent resigned from the peer review program. She

was informed by CalCPA in a letter that the basis for her resignation was her representation to

CalCP A that she had no accounting and auditing practice.

87. On or about July 3, 2013, Respondent issued an auditor's report. Respondent did not

thereafter inform CalCPA that she completed a service requiring her to submit to peer review.

88. On or about June 18, 2014, Respondent issued an auditor's report.

89. On or about November 30, 2014, Respondent stated on her Peer Review Reporting

Form that she had not performed accounting and auditing services when, in fact and as she well

knew, she had performed said services.

90. On or about June 15, 2016, Respondent issued a compilation report, which made her

subject to continuing education requirements in the areas of Accounting and Auditing, and in

Fraud. Respondent failed to complete the required continuing education consisting of 24 hours of

Accounting and Auditing and four hours of Fraud for the renewal period ending December 31,

2016.

91. On or about December 9, 2016, Respondent stated on her license renewal application

and on her Peer Review Reporting Form that she was not subject to auditing and accounting

requirements and that she had not performed accounting and auditing services.

B. Respondent Improperly Audited FEl's 401(k) Plan (Year Ended December 31,

2013)

92. On or about July 22, 2015, the CBA received a complaint from the United States

Department of Labor (DOL) stating that the Office of the Chief Accountant selected the FEI's

40 I (k) Plan for review for the year ended December 31, 2013 (Plan), and determined that the

audit was not conducted in accordance with generally accepted auditing standards {GAAS), as

required by the Employee Retirement Income Security Act (ERISA).

29


2

3

4

5

6

7

8

9

IO

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

93. Every administrator or sponsor of an employee benefit plan subject to ERISA must

file an annual return with the United States Internal Revenue Service (IRS) and DOL. (29 U.S.C.

§§ 1024 & 1364 [ERISA]; 26 U.S.C. §§ 6047, subd. (e), 6057, subd. (b), & 6058, subd. (a)

[Internal Revenue Code].) Returns for plans with more than 100 participants ("large plans") must

have an audit performed in accordance with GAAS, pursuant to DOL requirements.

94. The CBA obtained Respondent's auditor reports for FEI's 40l(k) Plan for years

ended December 31, 2009; December 31,201 O; December 31, 2011; December 31, 2012; and

December 31, 2013. All five auditor's reports were signed "Melody Yu, CPA & Co," an entity

not registered with the CBA.

95. Respondent conducted an audit ofFEI's 40l(k) Plan for the year ended December 31,

2013. Respondent issued an auditor's report on or about June 18, 2014. Respondent failed to audit

the Plan in accordance with professional standards.

(1) Respondent Failed to Properly Plan the Audit

96. Respondent's audit documentation lacked evidence showing that the engagement was

properly planned, as further described in paragraphs 97 through 111 below.

97. Respondent was required to establish the objective and scope of the audit of the

financial statements in her audit engagement letter or other written agreement. (AU-C 210.10.) If

at any point in the audit, the terms of the audit engagement changed, Respondent was required to

agree with management on new terms of the engagement in an engagement letter or other written

agreement. (AU-C 210.16.)

98. Respondent's engagement letter indicated that she would perform a limited scope

audit. However, the audit report attached to the filed Form 5500 indicated that she performed a

full scope audit. In a full scope audit, the auditor issues an opinion and performs procedures

regarding the completeness and accuracy of plan investments whereas in a limited scope audit the

auditor does neither of these. Respondent did not update her engagement letter during the audit to

reflect a change in the terms of the engagement.

Ill

Ill

30


2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

(a) Failure to Include Required Procedures

99. Respondent's audit documentation failed to include required procedures, as further

described in paragraphs 100 through 103 below.

100. Respondent's audit documentation failed to include documentation that she

communicated with management regarding the risk of fraud. Where this information was

expected to appear, Respondent marked "NIA" for "not applicable." (AU-C 240.45 & AU-C

315.06.)

101. Respondent did not document her presumption of fraud related to revenue recognition

or management override. (AU-C 240.26 & AU-C 240.46 [revenue recognition]; AU-C 240.32

[management override]).

102. Respondent did not document the significant decisions reached during the discussion

regarding the entity's susceptibility to material misstatement due to fraud. (AU-C 240.43.)

103. Respondent's audit documentation did not show the linkage between the audit

procedures performed and the identified risks. (AU-C 240.44.)

(b) Failure to Include Procedures Related to Risk Assessment Requirements

104. Respondent's audit documentation failed to include procedures related to the risk

assessment requirements, as further described in paragraphs 105 through 109 below.

105. Respondent failed to perform analytical procedures. Various steps in the audit plan

were marked ''NIA" for "not applicable." (AU-C 240.22 & AU-C 315.06.)

106. Respondent failed to assess risk at transaction, account balance and disclosure levels.

(AU-C 315 .26.)

107. Respondent failed to evaluate "what can go wrong." (AU-C 315.27.)

108. Respondent identified four significant audit areas, namely, 1) contributions received

and receivable; 2) investments and related incomes; 3) participant data and employee

contributions; and 4) benefit payments. Respondent admitted in sworn testimony at an

investigative hearing before the CBA on May 4, 2017 that she failed to test controls over those

areas. (AU-C 330.15.)

109. Respondent failed to identify, evaluate or test internal controls. (AU-C 330.08 & AU-

31


2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

C 330.14.)

110. Respondent did not interview management regarding risks and instead answered risk-

related questions herself.

111. Respondent's audit plan did not reduce audit risk to an acceptably low level and did

not include information that adequately explained the nature, timing or extent of audit procedures

performed. (AU-C 330.06.)

(2) Respondent Failed to Obtain Sufficient Audit Evidence

112. Respondent failed to obtain sufficient audit evidence, as further described in

paragraphs 113 through 120 below.

113. Respondent failed to obtain SAS 70 reports describing an organization's relevant

controls. (AU-C 402.01, AU-C 402.03 & AAG-EBP 6.16.) In the section of the audit

documentation entitled General Planning Procedures for Employee Benefit Plans, Respondent

marked "NIA" or "not applicable" to many questions. Respondent's audit documentation failed to

show that she obtained a sufficient understanding of the relevant controls at the service

organization. (AU-C 402.12.)

114. Respondent's audit documentation did not reflect procedures performed for testing

participant data to ensure that participants fulfilled eligibility requirements. (AAG-EBP I0.02 &

AAG-EBP 10.05.) Steps in the audit plan were marked either "NIA" for "not applicable" or

"Melody." Respondent's audit documentation did not include underlying accounting records or

descriptions of procedures performed.

115. Respondent failed to test that individual contributions were accurate. (AAG-EBP

10.20.) Steps in Respondent's audit plan for contributions were marked ''NIA" for "not

applicable" or "Melody." The audit documentation did not include underlying accounting records

or descriptions of procedures performed.

116. Respondent failed to test that loans were accurate and made in conformance with plan

documents. (AAG-EBP 7.54 & AAG-EBP 7.55.) The audit documentation did not include an

audit plan for loans or the underlying accounting records or descriptions of procedures performed.

117. Respondent failed to test that distributions were accurate and were made to eligible

32


2

3

4

5

6

7

8

9

l O

11

12

13

14

15

16

17

18

19

20

21

22 d. Management was responsible for the design, implementation and maintenance

23 of internal controls related to the prevention and detection of fraud. (AU-C 580.12, subd. (a).)

24 e. Management had disclosed the results of its risk assessment. (AU-C 580.12,

25 subd. (b).)

26 f. Management had disclosed its knowledge of any allegations of fraud or

27 suspected fraud. (AU-C 580.12, subd. (d).)

28 g. Management believed that the effects of uncorrected misstatements were

33

participants. (AAG-EBP 9.02 & AAG-EBP 9.03.) Steps in the audit plan were marked either

''NIA" for "not applicable" or "Melody." The audit documentation did not include underlying

accounting records or descriptions of procedures performed.

118. Respondent failed to test journal entries. (AU-C 240.32.)

119. Respondent failed to perform procedures related to administrative expenses that may

or may not have been absorbed by the plan sponsor (AAG-EBP 12.13 & AAG-EBP 12.14.).

Steps in the audit plan were marked "NIA" for "not applicable."

120. Respondent failed to perform cut-off procedures and subsequent events tests and/or

inquiries. (AAG-EBP 12.15.) Steps in the audit plan were marked ''NIA" for "not applicable."

(3) Respondent Failed to Obtain Complete Management Representations

121. Respondent wrote "NIA" for "not applicable" in the audit plan in response to

"Written representations have been obtained from plan officials."

122. Despite indicating that written representations from plan officials were not applicable,

Respondent sought and obtained representations. However, the representations she obtained were

inadequate.

123. Respondent failed to obtain from management written representations that:

a. Management was responsible for the preparation of the financial statements.

(AU-C 580.10, subd. (a).)

b. Management was responsible for the design, implementation and maintenance

of internal controls. (AU-C 580.10, subd. (b).)

c. All transactions had been recorded. (AU-C 580.l l, subd. (b).)


2

3

4

5

6

7

8

9

1o

11

12

13

14

15

16

I 7

18

19

20

21

22

23

24

25

26

27

28

immaterial. (AU-C 580.14.)

h. Management had disclosed the identity of the entity's related parties. (AU-C

580.17, subd. (a).)

(4) Respondent's Auditor's Report Did Not Conform to Professional Standards

124. Respondent's auditor's report for the Plan did not adhere to professional standards

because the evidence obtained did not support the opinion.

125. Respondent provided a version of her auditor's report to the CBA that stated in

pertinent part, "[w]e have audited the accompanying statements of net assets available for

benefits of FEI' s 401 (k) Plan as of December 31, 2013 and 2012, and the related statement of

changes in net assets available for benefits for the year then ended."

126. The version of the auditor's report Respondent provided to the CBA did not match

the auditor's report that was filed with DOL and Form 5500. That version read in pertinent part,

"[w]e have audited the accompanying statements of net assets available for benefits of FEl's

40 I (k) Plan as of December 31, 2013, and the related statement of changes in net assets available

for benefits for the year then ended."

127. When an auditor performs new or additional audit procedures or draws new

conclusions after the date of the auditor's report, the auditor should document l) the

circumstances encountered; 2) what new or additional audit procedures were performed, audit

evidence obtained, conclusions reached, and their effect on the auditor's report; and 3) when and

by whom the resulting changes to audit documentation were made and reviewed. (AU-C 230.14.)

Respondent did not create such documentation.

128. Respondent's audit was not performed in accordance with GAAS. The documentation

did not support the opinion rendered in the auditor's report.

129. The language Respondent used in the content of the auditor's report was not updated

for current standards of reporting. (AU-C 700.26, AU-C 700.29, AU-C 700.34, AU-C 700.37,

AU-C 700.38.)

Ill

Ill

34

(tvlELODY YU) ACCUSATION (Case No. AC-2018-12)

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

FIRST CAUSE FOR DISCIPLINE

(Gross Negligence)

130. Respondent is subject to disciplinary action under Code section 5100, subdivision (c),

for unprofessional conduct in that she committed gross negligence in a single engagement

resulting in a violation of applicable professional standards that indicates a lack of competency in

the practice of public accountancy. In particular, she departed in an extreme respect from

professional standards in the course of auditing and producing an auditor's report for the Plan.

Complainant realleges paragraphs 92 through 129.

SECOND CAUSE FOR DISCIPLINE

(Repeated Negligent Acts)

131. Respondent is subject to disciplinary action under Code section 5100, subdivision ( c ),

for unprofessional conduct because she committed repeated negligent acts in a single engagement

resulting in a violation ofapplicable professional standards that indicates a lack of competency in

the practice of public accountancy. In particular, she was repeatedly negligent in the course of

auditing and producing an auditor's report for the Plan. Complainant realleges paragraphs 92

through 129.

THIRD CAUSE FOR DISCIPLINE

(Failure to Conduct Audit in Compliance with Professional Standards)

132. Respondent is subject to disciplinary action under Code section 5100, subdivision (g),

for unprofessional conduct for willfully violating the Accountancy Act (Code section 5000, et

seq.) and/or a rule or regulation promulgated by the CBA, in that Respondent did not perform the

audit of the Plan in accordance with all applicable professional standards, including but not

limited to generally accepted accounting principles and generally accepted auditing standards, in

violation of California Code of Regulations, title 16, section 58. Complainant realleges

paragraphs 92 through 129.

Ill

Ill

Ill

35

(lVIELODY YU) ACCUSATION (Case No. AC-2018-12)

2

3

4

5

6

7

8

9

IO

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

FOURTH CAUSE FOR DISCIPLINE

(Failure to Issue Audit Report in Conformance with Professional Standards)


for unprofessional conduct for willfully violating the Accountancy Act (Code section 5000, et

seq.) and/or a rule or regulation promulgated by the CBA, in that Respondent did not issue the

audit report for the Plan in conformance with professional standards, in violation of Code section

5062. Complainant realleges paragraphs 92 through 129.

FIFTH CAUSE FOR DISCIPLINE

(Improper Audit Documentation)

134. Respondent is subject to disciplinary action under Code section 5100, subdivision (e),

for unprofessional conduct in that she violated Code section 5097, as further defined by

California Code of Regulations, title 16, section 68 .2. Respondent's audit documentation failed to

contain sufficient documentation to enable a reviewer with relevant knowledge and experience,

having no previous connection with the audit engagement, to understand the nature, timing,

extent, and results of the auditing or other procedures performed, evidence obtained, and

conclusions reached, and to determine the identity of the persons who performed and reviewed

the work. Complainant realleges paragraphs 92 through 129.

SIXTH CAUSE FOR DISCIPLINE

(Subsequent Changes in Audit Documentation)


for unprofessional conduct for willfully violating the Accountancy Act and/or a rule or regulation

promulgated by the CBA, in that Respondent altered audit documentation for the Plan, and

presented a different version of her auditor's report to the CBA than what she produced to the

DOL. Respondent did not document the fact that changes were made, who made the changes,

who approved the changes or the reason for the changes, in violation of California Code of

Regulations, title 16, section 68.4. Complainant realleges paragraphs 92 through 95 and 125

through 127.

Ill

36


2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

SEVENTH CAUSE FOR DISCIPLINE

(False Statements in Application)

136. Respondent is subject to disciplinary action under Code section 5100, subdivision (b),

for unprofessional conduct in that on or about December 9, 2016, she made a false statement or

omission in her application for renewal of her certificate as a certified public accountant. She

falsely stated that she was not subject to continuing education in Auditing and Accounting when,

in fact and as she well knew, she completed a compilation on or about June 15, 2016 that required

her to complete said continuing education. Complainant realleges paragraphs 90 and 91.

EIGHTH CAUSE FOR DISCIPLINE

(Failure to Undergo a Peer Review)



promulgated by the CBA, in that she failed to undergo a peer review, in violation of Code section

5076 and California Code of Regulations, title 16, section 45. Complainant realleges paragraphs

74 through 91.

NINTH CAUSE FOR DISCIPLINE

(False Peer Review Reporting)



promulgated by the CBA, in that she willfully made a false, fraudulent, or misleading statement,

as part of, or in support of, her peer review reporting. In particular, she reported information to

the CBA about her peer review compliance that she knew or should have known was false,

including claiming exemption from the peer review requirement when she was not exempt, in

violation of California Code of Regulations, title 16, section 45, subdivision ( c ). Complainant

realleges paragraphs 7 4 through 91.

Ill

Ill

Ill

37

(l\1ELODY YU) ACCUSATION (Case No. AC-2018-12)

2

3

4

5

6

7

8

9

IO

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

TENTH CAUSE FOR DISCIPLINE

(Failure to Complete Continuing Education)



promulgated by the CBA, in that she failed to comply with continuing education requirements, in

violation of California Code of Regulations, title 16, section 87. Complainant realleges

paragraphs 90 and 91.

ELEVENTH CAUSE FOR DISCIPLINE

(Use of Fictitious Name)

140. Respondent is subject to disciplinary action under Code section 5100, subdivision

(g), for unprofessional conduct for willfully violating the Accountancy Act and/or a rule or

regulation promulgated by the CBA, in that she practiced under a name ("Melody Yu, CPA &

Co.") other than the name under which she held a valid permit to practice issued by the CBA, in

violation of Code section 5060 and California Code of Regulations, title 16, section 67.

Complainant realleges paragraphs 76 and 94.

///

///

///

///

Ill

///

Ill

Ill

Ill

Ill

///

///

///

38


2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

PRAYER

WHEREFORE, Complainant requests that a hearing be held on the matters herein alleged,

and that following the hearing, the CBA issue a decision:

1. Revoking or suspending, restricting, limiting or otherwise imposing discipline upon

Certified Public Accountant Certificate Number 42967, issued to Melody Yu;

2. Ordering Melody Yu to pay the CBA the reasonable costs of the investigation and

enforcement of this case, pursuant to Business and Professions Code section 5107;

3. Ordering Melody Yu to pay the CBA an administrative penalty pursuant to Business

and Professions Code section 5116; and,

4. Taking such other and further action as deemed necessary and proper.

DATED: ~ --2-l--2o2D California Board of Accountancy Department of Consumer Affairs State of California Complainant

TTIBOWERS Executive Officer

LA201750691 l 54054960.docx

39

(lvfELODY YU) ACCUSATION (Case No. AC-2018-12)

shawn cook matthew {(ing

Documents