To reduce material misstatement an auditor must use the top-down approach to evaluate a company's internal controls over financial reporting. The auditor must understand the risks that are present in the company's internal controls relating to financial statements. The first item an auditor looks at is identifying entity-level controls. Secondly, the auditor must identify disclosures and significant accounts, which have the highest probability to make the financial statements materially misstated. Lastly, the auditor must reflect on his/her knowledge of the company's procedures and select the best controls to test.
After a thorough understanding of the company's procedures the auditor evaluates entity-level procedures that affect his/her understanding on whether the company has acceptable or unacceptable internal controls. There is a direct correlation between entity-level controls to the control risk in the audit risk model. Depending on the quality of the company's internal control procedures on the financial reports the auditor will increase or decrease his/her own audit procedures (detection risk).
Get your grade
or your money back
using our Essay Writing Service!
Entity-level controls vary in three distinct ways. The first entity-level control has an indirect effect on the timeliness of a detected or prevented misstatement. This control affects other controls the auditor might choose and how and when to use them. The second entity-level control uses checks and balances of other entity-levels controls. When these controls are running inefficiently an auditor must increase the testing of other controls. The third entity-level control is multifunctional and assesses the risk of misstatement to more than one relevant assertion. If a control of this category is running effectively, there is little need to test other controls for that risk.
There are two entity-level controls that are most important to finding whether a company's internal controls over financial reporting is effective and free from material misstatement. The first is the control environment, which the auditor must have a significant understanding. The auditor needs to asses how management effectively promotes quality internal controls relating to financial reporting. The auditor must find out the attitudes and ethical values of top management and the effectiveness of oversight with the audit committee. The second entity-level control that the auditor must evaluate because of its importance to the final auditor's opinion of the financial statements is the period-end financial reporting process. This includes finding out all of the company's accounting procedures pertinent to general ledger totals, accounting policies, whether journal entries are reliable, and quarterly and annual financial statements and other disclosures. To asses these procedures the auditor needs to assess the following pertaining to the period-end financial reporting process:
The inputs going into finalized financial reporting documents.
Management's and the information technology involvement.
Types of adjusting and consolidation entries.
The oversight by management and the audit committee.
After evaluating a company's entity-level controls the auditor moves to identifying significant accounts and disclosures and their relevant assertions. The auditor must evaluate the line items and disclosures within the financial statements to determine which one's have the greatest ability to generate a materially misstated financial statement. Examples that can constitute a material misstatement in a financial statement include: size and composition of the account, a change in account or disclosure from a prior period, misstatements due to error or fraud, and presence of related party transactions. Within each of these examples the auditor should find out the origin of these materially misstated accounts and disclosures. Furthermore, there should be no difference between the audit of internal controls of financial reporting and the audit of the financial statements when looking at potential risk factors. Each component of significant accounts and disclosers might have different risks that could not have been detected by previous tests of entity-controls. Therefore, new controls and tests must be created to evaluate these significant accounts or disclosures. An auditor must keep in mind, however, that if the company being audited has different locations or business units, then he/she should refer to the consolidated financial statement for significant accounts and disclosures.
Before an auditor can effectively choose controls to test, he/she should have a great understanding of the likely sources of misstatement. An auditor should understand the following:
The flow of transactions related to possible materially misstated items, and the subsequent process of those transactions.
Always on Time
Marked to Standard
Confirm the auditor is aware the company's processes can be tied together or individually materially misstated.
Identify how management has tried to alleviate these potential misstatements, and if the company has unethically reallocated company assets.
Performing a walkthrough is the best way an auditor can better understand likely sources of misstatement. A walkthrough involves following a single transaction from origin to its end in the financial statements. Performing a walkthrough achieves best results when performing single transaction tests with an employee at the company who is familiar with the procedures/controls. If a weakness or poor controls are found the auditor should investigate further to see if other transactions are similarly stated and ultimately conclude whether it is materially misstated.
The final step in the top-down approach is selecting controls to test that are materially impacting the auditor's conclusion on whether or not the company's controls effectively assess the risk for each relevant assertion. There is no reason to test a control if its relevant assertion has already been tested by another control; unless the audit's purpose is to try and help the company eliminate unnecessary internal controls. Ultimately, the auditor should select the control that best addresses the assessed risk to a particular assertion.
A material weakness is one or more deficiencies in a company's internal control over financial reporting that creates a reasonable possibility for a material misstatement to not be detected in a timely manner. A significant deficiency is the same as a material weakness except it is less severe, but still warrants the attention of management, or the body in charge of oversight on financial reporting. Some indicators of material weaknesses in internal controls over financial reporting include:
Detection of any type of fraud by senior management.
The company has restated a financial statement based on a material misstatement.
The auditor finds a material misstatement in the current periods financial statements, and indicates that the company's internal control over financial reporting would not have detected it.
The audit committee has inadequate oversight of the company's internal controls over financial reporting and external reporting.
Material weaknesses and significant deficiencies must be reported to the audit committee and on the audit report. All material weaknesses must be reported in writing to the audit committee before the issuance of the auditor's report. Significant deficiencies must be reported to the audit committee as well. In the case the auditor feels the company's internal controls over financial reporting is unsuccessful in eliminating material weaknesses, the auditor must communicate that in writing to the board of directors. All deficiencies in internal controls over financial reporting should be communicated to management, and subsequently the audit committee must be made aware of this. The audit report is much more formalized and must include many elements that the PCAOB requires. The audit report therefore can contain much more information about deficiencies in internal controls over financial reporting than the written communication to the audit committee.