Internal control defines a process, which is designed to provide reasonable assurance regarding to the achievement of managements objective and divided into three categories: the reliability of financial reporting, the operations' efficiency and effectiveness and the promises with applicable laws and regulations. The term 'significant deficiencies in internal controls' under the Sarbanes-Oxley Act means that a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of a registrant's financial reporting. In order words, it means the lack of internal control. Material weaknesses in internal controls are deficiencies of internal control or combination of such that there is a reasonable possibility that a material misstatement in a firm's financial statements will not be detected or prevented. In order to determine whether a significant deficiency or deficiencies are material weakness, auditors must evaluate it along two dimensions: likelihood and significance. If there is more than a reasonable possibility (likelihood) that a material misstatement (significance) can result from the significant deficiencies, then it is considered to be a material weakness. Each significant deficiency and material weakness can be applied to one or more relevant audit objectives. It is vital for the auditors to have good understanding of the entity and its environment, including its internal controls, assessing the material misstatement risk of the financial statements whether it is linked to errors or fraud and to design the timing, nature and the extent of further audit procedures. Auditors need to decide the control risk at the objective level for transaction type and all objectives should be appeared to be low unless there are significant deficiencies or material weaknesses.
Get your grade
or your money back
using our Essay Writing Service!
Since controls that affect the effectiveness and efficiency of the firm's operations may not influence the fair presentation of financial statements, they are not the main concern of auditors. In contrast, auditors should not abandon the controls affecting internal management information, for examples, budgets and internal performance reports. Because these information are normally used by the management for their business operation, which are important sources of evidence that aid the auditors to decide whether the financial statement are fairly presented. If the controls over these internal reports are inadequate, the value of the reports as evidences will not be strong enough. Auditors are responsible for the discovery of material fraudulent financial reporting and misappropriation of asset (fraud) and direct-effect illegal acts. Therefore, they are also interested in the internal control of a client over the safeguard of assets and compliance with laws and regulations as they affect the fairness of the financial statements. Moreover, auditors should be able to identify the differences between an error and a fraud; error is mistake made by human beings while fraud is a wrongful act with intention in order to gain financial benefits. Furthermore, auditors should be responsible for professional scepticism since it is important to assess evidences critically. If internal controls are designed and implement properly and accurately, it will be more effective to detect and prevent fraud. In order to assess the their client's internal control, auditors should firstly identify the existing controls before discovering significant deficiencies and material weaknesses because they are caused by the absence of adequate controls. Secondly, auditors should identify the absence of key controls by distributing internal control questionnaires, flow-charts and walkthroughs. An internal control questionnaire is based on a series of questions about the controls in each audit area as a mean of identifying internal control deficiencies. It is usually constructed by 'Yes' or 'No' questions that an answer with 'No' indicates potential internal control deficiencies. Auditors will be able to cover each audit area quickly. An internal control flowchart shows the documents of clients and the sequential flow in the firm. It provides a concise overview of the clients' system which is easy to read and easy to update. Auditors usually pick one or a few documents of a transaction in a walkthrough, and trace them from initiation through the whole accounting process. Auditors make inquires observe activities and examine completed documents and records at each stage of processing. Walkthrough is a mixture of observations, documentations and inquiries to assure that the controls designed by the management is implemented. Internal control questionnaires and flowchart are often used together to provide a better understanding of the clients' internal control designs and clearly recognising the internal controls and deficiencies. Auditors must also determine whether the controls designed are implemented in the management even though they have good understanding of the design of the internal controls. They can also examine the control risk matrix to search for objectives where there are none or only a few controls to avoided or detect misstatements.
Always on Time
Marked to Standard
Auditors must promptly communicate significant deficiencies and material weaknesses in writing after being aware of their existence to those charged with governance because in some cases, deficiencies can be correctly sufficiently early, and both management and auditors can summarize that controls are operating effectively as of the balance sheet date. Auditors are required to voice an adverse opinion on the effectiveness of internal controls if material weaknesses exist.
According to the Financial Stability Board (FSB), the International Standards on Auditing (ISA) was issued by the International Federation Of Accountants (IFAC) through the International Auditing And Assurance Standards Board, are professional standards which deal with the responsibilities of independent auditors when conducting financial statements' audit. It comprises requirements and objectives together with application and other explanatory material. An understanding of the entire text of an ISA is needed for auditors in order to understand its objectives and apply its requirements properly. The ISAs have implant a focus on objectives of promoting a rational audit, and emphasize the importance of professional scepticism; and to concentrate on different views of financial statements that generally have higher risks of material misstatement in virtually all audits.
The ISA 265, 'Communicating Deficiencies in Internal Control', deals with the responsibilities of auditors to communicate appropriately to those charged with governance and management deficiencies in internal control that the auditor has identified in a audit of financial statements. Under the ISA 265, the term 'significant deficiencies in internal control' implied the meaning of a deficiency or a combination of deficiencies in internal control, not only depends on whether a misstatement has actually occurred, but also how likely a misstatement could occur and the potential magnitude of the misstatement. As a result, significant deficiency might exist although the misstatements are not identified during the audit. For examples, the susceptibility to fraud or loss of the relevant liability or asset and the amount of financial statement exposed to the deficiencies.
Any significant deficiencies recognised during the audit must be communicated to those in charged of governance in writing and responsively. If this happened, auditors are required to include a description of the deficiencies and explain the potential effects in order to inform those in charge with governance. An internal control deficiency may not be sufficiently important to compose a significant deficiency on its own. On the other hand, a combination of deficiencies that affect the same disclosure or account, related assertion or internal control component may lead to an increase in the misstatement risks which might give rise to a significant deficiency. Sometimes, although auditors did not identify any misstatements during an audit does not mean that there is not any significant deficiency. It depends on the occurrences of a misstatement risk and its potential magnitude.
Referring to the assessment and the internal control test provided by the auditor, they are required to prepare an audit report on internal control over financial reporting for public firms based on the requirements stated on the section 404 of the Sarbanes-Oxley act. When there are no identified material weaknesses or if there have been no restrictions on the scope of the work of the auditors, it will be acceptable for auditors to issue an unqualified or clear opinion on the effectiveness of a client's internal controls over financial reporting. However, this situation is highly unlikely to occur.
To summarize, the responsibilities of auditors of public companies to discover and report significant deficiencies in internal controls and material weaknesses in internal controls are quite similar under the Sarbanes-Oxley act and the International Standard on Auditing 265. The two professional standards are important guidance which improves and maintain the quality of auditors and their works.