Accounting Standard No. 5, an audit of internal control over the financial reporting that is integrated with an audit of financial statements, was created by the Public Company Accounting Oversight Board as an amendment to Accounting Standard No. 2 to clarify uncertainties for auditors. The standard was created in accordance with the Sarbanes-Oxley Act (2002) which requires management of publically held companies to report on the effectiveness of internal control in addition to the assessment of financial statements.
When conducting an audit of internal controls over financial reporting, the auditor must gain an understanding of the audit entity so that the auditor can successful identify possible internal control risks. The auditor achieves this by using the top-down approach, which is a sequential process of identifying risks and which controls subsequently need to be tested. This approach begins with the auditor identifying risks of internal control over financial reporting to ensure the accuracy of financial statements. In order to ensure accuracy, the auditor must identify probable material errors in the financial statements.
Get your grade
or your money back
using our Essay Writing Service!
After identifying internal control risks of financial reporting, the auditor must then focus on risks associated with entity-level controls. Entity-level controls are more specific controls established within the entity to ensure the reliability and assurance of financial statements such as control environment, controls to monitor other controls, and controls of end of period reporting. Control environment controls consist of management's ability to establish effective internal controls over financial statement reporting and the integrity/ethics supported by management. The control environment also includes controls like the effective oversight of the board of directors and audit committee over management. Controls that monitor other controls include management override, which is important in to ensure the involvement of management with internal controls and financial statement reporting is not too influential. Often these controls are designed to identify breakdowns in lower controls.
Entity-level controls can have significant effects on the likelihood that material misstatements will be detected or prevented in a timely basis. An auditor's evaluation of entity-level controls can result in the increased or decreased extent that an auditor will perform testing on other identified controls.
Following the auditor's focus of entity-level controls the auditor must disperse further by identifying significant accounts, disclosures, and corresponding assertions. This step of the top-down approach requires that the auditor assesses accounts, disclosures, and assertions that can present a possibility of material misstatement in the financial statements. To properly evaluate these, an auditor must consider qualitative and quantitative risk factors which can include size/composition of accounts, susceptibility of error/fraud, nature of the account, and transaction complexity.
It is the auditor's responsibility to determine potential accounts and disclosures that can be potential sources of material misstatements. To improve the assurance that an auditor determines misstatement sources, the auditor should have a thorough understanding of the initiation, authorization, processing, and recording of transactions. The auditor should also identify controls management implements to prevent or detect unauthorized acquisition, use, or disposition of assets that could potentially cause a material misstatement. Walkthroughs are a useful auditing tool, where the auditor uses inquiry, observation, document inspection, and performance of controls to follow a transaction from origination throughout the company's process of recording. It is up to the auditor to ensure that the controls tested support the auditor's conclusion of the control sufficiency for assessed risk of misstatement.
The audit of internal control over financial reporting can often result in a material weakness or significant deficiency, which results in different treatment according to established auditing standards. A material weakness is a deficiency, or combination of, arising in the audit of internal control over financial reporting, when there is a reasonable possibility that a material misstatement of the company's financial statements will not be prevented or detected in a timely basis.
When conducting an audit of internal controls over financial reporting there are several indicators auditors can witness that suggest a material weakness exists. These indicators of material weaknesses include signs of financial fraud by management or the ineffective oversight of reporting and internal controls by the audit committee. It is also likely that a material weakness exists when an auditor identifies a material misstatement that would not have been detected by the internal controls established by management. Finally an auditor can review previous period financial statement disclosures, and histories of financial restatements can often indicate the existence of a material weakness.
Always on Time
Marked to Standard
When an auditor has determined the existence of a material weakness, its discovery must be communicated in writing to management and the audit committee. All weaknesses must be communicated before the issuance of the audit report of internal control on financial reporting. If the auditor determines that oversight of the audit committee is ineffective, the auditor must communicate this opinion to the board of directors directly.
A significant deficiency is the existence of one or more deficiencies arising in the audit of internal control over financial reporting. Theses deficiencies are less severe than those of a material weakness; however are important enough to mention by those responsible for financial reporting oversight.
When an auditor has determined the existence of a significant deficiency, the auditor must communicate its existence in writing to the audit committee. The auditor must then communicate all significant deficiencies of internal control of financial reporting with management and notify the audit committee when this communication has been completed.
After communicating the audit findings with the audit committee, management, and/or the board of directors the auditor is required to create an audit report. In the report the auditor must state the existence of limitation with an audit of internal controls for financial reporting. These limitations include the failure to prevent or detect material or significant deficiencies, which can arise through the deterioration of policy and procedure compliance by companies or the inadequacy of controls due to condition changes.