The preliminary step in conducting an audit involves using the top down approach. The top down approach carefully evaluates internal controls in financial statements that could lead to material misstatements. The top down approach is the reviewing of financial statements in a step by step process. This begins by reviewing the internal controls of the financial statements as a whole. Then it involves reviewing each step at an account level, disclosure level and finally specific assertations. At which point, the auditor chooses which controls are essential to test as for their ability to result in material misstatements.
The first step involves evaluating entity level controls. Depending on the auditor's assessment of internal controls at the entity level results in the number of tests that the auditor will perform. Entity level controls vary with purpose. Purposes of these controls include: environmental controls, effective controls and precision controls. Environmental controls indirectly affect other control auditors test. Effective controls provide the auditor with possibility of weaknesses through lower level controls that will result in material misstatements. Precision controls are used to find material misstatements in assertations.
There are various controls at the entity-level. These controls include: environmental controls, override capabilities of management controls, company risk assessment process controls, centralized processing controls, operational result controls, internal audit function controls, audit committee controls, self-assessment controls, period-end financial reporting controls, business policy controls and risk management controls.
A careful assessment of the control environment is very important during the audit process. An auditor must determine three key factors. These key factors must provide the auditor with assurance that the company is promoting effective internal controls. These key evaluation factors include: reviewing management's philosophy and operating style, determining if integrity and ethical values have been developed, and that the board or audit committee examine responsibility.
An auditor must also evaluate the process related to period-end reporting. There are several procedures associated with period-end reporting all of which need to be examined. These procedures include: posting totals of transactions to the general ledger, selecting and administrating accounting policies, all aspects of journal entries in the general ledger, and both quarterly and annual statements including disclosures. During these procedures, the auditor must examine information technology used, management personnel involved, participating locations, adjusting and consolidating entries and involvement and board of directors and audit committee.
It is the auditor's responsibility to examine significant accounts and disclosures. Assertations associated with both must also be examined. These examinations must cover any area that may result in material misstatements on financial statements. Assertations that should be looked at include: existence, occurrence, rights, obligations, presentations and disclosures.
After the auditor has identified significant accounts, risk assessment must take place. Risk factors need to have qualitative and quantitative evaluations. Risk factors include: account size, account type, effect of errors or fraud, amount of transactions, type of transactions, account losses, contingent liabilities, related party transactions, and changes prior to period transactions.
Auditors need to identify how material misstatements could take place in significant accounts. The source of these misstatements must also be identified. Auditors must keep in mind the same risk assessment during this process as was used in evaluating financial statements. Many risks could be apparent in each account. It is important to establish various controls to diminish a multitude of risk.
Get your grade
or your money back
using our Essay Writing Service!
An auditor must understand various types of misstatements when implementing control tests. Transaction flow, company processes that could generate misstatements, control weaknesses, prevention and detection of unauthorized transactions must be understood before controls can be tested. Good judgment must be used when gaining knowledge of potential misstatements. A good understanding of information technology used is important as to the possibility of misstatement during transaction flow.
A walk through is the best way to understand where misstatements may occur or weaknesses in the information system. This is when an auditor follows a transaction step by step through the entire accounting process. During the walk through, the auditor must continuously evaluate and question each process.
Once a conclusion has been made, an auditor may now test important controls. The auditor must be aware of the effect of one control and it is not necessary for the same control to be re-tested when examining various assertions. Controls must only be tested that may allow for material misstatements as identified by the auditor.
A material weakness is a lack of one or more internal controls that result in material misstatements of financial statements. Material weaknesses don't catch material misstatements or allow for these to be found prior to an error on statements. Although significant deficiencies are important to recognize, they do not result in material misstatements. However, they are still areas that must be improved in internal control.
Indicators of material weaknesses include: finding fraud that has resulted from decisions made by management, restating previous financial statements that correct misstatements, auditors discovering material misstatements that have not been found by management or through the internal controls, and audit committee lack to develop effective internal controls. Deficiencies must also be treated by the auditor as an indicator for material weakness. The auditor must also identify the level of deficiencies and see if the statements produced are still in accordance with GAAP.
Prior to the auditing report and auditor is responsible for notifying material weaknesses in writing to management and the audit committee. If the auditor finds that the audit committee is not producing accurate reports this must be expressed in writing to the board of directors. The audit committee must be given identified significant deficiencies in writing by the auditor. The auditor must supply management with significant deficiencies in writing and inform the audit committee this has been done. The auditor must only inform the audit committee of deficiencies they are aware of.
An auditor's report must be titled as independent. The auditor must explain that it is management's duty to have effective internal controls. The report should also include internal controls identified by management, a statement of the auditors responsibility is that of an opinion, definition of internal control, the audit was conducted within GAAP, a statement of the risk assessment of internal controls, statement that the audit has been preformed as a reasonable opinion, and explanation that misstatements may occur in future periods due to lack of following policies. An auditor must offer an opinion that the company has followed control criteria. An auditor must provide their firm's manual, firm's signature, location of audit and audit date.
Always on Time
Marked to Standard