This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
The top-down approach is a way that auditors should use to select which tests they should implement in the audit of internal control over financial reporting. This approach begins at the financial statement level, and then lead auditor's attention to the entity-level control. Auditors will get the reasonable possibility of material misstatement to the financial statements and related disclosures by using this approach. Testing entity-level controls is crucial to auditors, because the company's effectiveness of internal control over financial reporting can be derived from this test.
Entity-level controls can be performed based on different approaches. Some of them can affect other controls that auditors selected, such as preventing or detecting some misstatements; some can monitor the effectiveness of other controls; whereas some can perform a more precise work on detecting the misstatements, and lead to a more efficiency prevention. There are 8 different controls included in the entity-level controls. The first is controls related to the control environment. Control environment is an important element to auditors in evaluating the firm's internal control over financial reporting, some aspects like management's philosophy, operating styles, ethical values especially among upper managements are significant to consider and evaluate. The second one is controls over management override. To some extent, the effectiveness of internal control can be assessed by the involvement of top management in the financial control. The third one is the company's risk assessment process. The fourth one is centralized processing and controls, including shared service environments. The fifth one is controls to monitor results of operations. The sixth one is controls to monitor other controls. The seventh one is controls over the period-end financial reporting process. This is an evaluation of the procedures that used at the period-end financial reporting, since people are more likely to modify the previous data at that time. The last one is policies that address significant business control and risk management practices.
It is auditor's responsibilities to identify significant accounts and disclosures and their relevant assertions. The assessment of financial statement assertions can be approaches from existence or occurrence, completeness, valuation or allocation, rights and obligations, and presentation and disclosure. While the evaluation in qualitative and quantitative risk factors related to the identification of significant accounts and disclosures and relevant assertions should be approaches from size and composition of the account, susceptibility to misstatement due to errors or fraud, volume of activity, complexity, and homogeneity of the individual transactions processed through the account or reflected in the disclosure, accounting and reporting complexities associated with the account or disclosure, exposure to losses in the account, possibility of significant contingent liabilities arising from the activities reflected in the account or disclosure, existence of related party transactions in the account, and changes from the prior period in account or disclosure characteristics. It is also significant for auditors to identify some likely sources of potential misstatements.
Auditors should following four objectives when they are trying to come up with the likely sources of potential misstatements. The first is to understand the flow of transactions, such as how the transactions initiated, recorded or authorized. The second is to verify that the auditor has identified the points within the company's processes at which a misstatement. The third is to understand the control from the management and make sure they are not override. The last one is to discover the unauthorized actions to the data from the top management. It is required for the auditor to show they have performed all the above objectives in any way. In addition to that, auditors should also be aware of information technology system. They need to understand how the transactions flow in the system. A walkthrough is a common and effective way for auditors to achieve those objectives. It is efficient for auditors since they can understand the procedure by looking at them, if they have question, they can ask immediately.
Auditors should select which control to be tested by addressing what kind of conclusion they need. The results from one test may relate to some other assertions. Therefore, auditors should select the tests based on the assessed risk of misstatement to a given relevant assertion.
Material Weakness versus Significant Deficiency
Both material weakness and significant deficiency are a deficiency, or a combination of deficiencies, in internal control over financial reporting. By assessing the deficiency on the level of detail and degree of assurance, material control is more severe than significant deficiency. It indicated that there is a reasonable possibility that misstatements will occur due to the absence of effective internal control. Even though the significant deficiency is not serious, it still needs the management's attention.
Indicators of material weaknesses:
Identification of fraud on the senior management,
Corrections to the previous financial statements due to misstatements,
Identification of misstatements by the auditors, but it was not detected by the company's internal control,
Inefficiency of the company's audit committee
During the audit, if the auditors identified any material weakness, they need to communicate to management and audit committee in writing before they issue an auditing report. If they identified any significant deficiencies, they need to communicate with audit committee in writing; if they identified any inefficiency of the audit committee, they need to communicate with board of directors in writing about this conclusion. In addition, the auditors also need to communicate to management about all the deficiencies in internal control over financial report in writing, the information they need to mention here are less serious and do not need to be repetitive. Auditors do not need to perform any procedures if they already identify or aware of the deficiencies. Even though the auditors did not find any material weakness, they are not allowed to say there is no material weakness involved in the internal control over financial reporting. If there is any illegal activities were identified by the auditor, the auditor should determine their responsibilities under certain Acts. The material weakness should be included in the auditing report whereas the significant deficiency only need to report and communicated with managements, not outsiders.