Accounting Standard No. 5 contains vital information about how to conduct audits of internal control over financial reporting that are integrated with audits of financial statements. Important aspects of the standard include the implementation of the top-down approach as a means to identify the controls to test, as well as the differences between a material weakness and a significant deficiency and how each should be handled.
Summary of the Top-Down Approach
The top-down approach initiates at the financial statement level where the auditor should comprehend the overall risks to internal control over financial reporting. The auditor then works their way down to the entity level controls where they determine significant accounts and disclosures and their relevant assertions. By starting at the top and working downward the auditor can more easily identify where the greater possibility of material misstatements may lie and develop their control tests accordingly.
Assessment of entity level controls should show the auditor where weaknesses in the company's control system could lead to material misstatement on the financial statements. It should also show where controls are sufficient and prevent the need for additional testing. In determining what controls are in place at the entity level and identifying where they are sufficient and where they are lacking, the auditor can deduce which accounts are more susceptible to misstatement. Entity Level controls include controls over management override, controls to monitor results of operations, controls of the internal audit and self-assessment, controls over period-end financial reporting etc. These are all controls implemented to keep things running smoothly and true to reality.
Get your grade
or your money back
using our Essay Writing Service!
The control environment should also be assessed by the auditor. They should have an understanding of the core values of management in order to assure they have ethical philosophy, sound integrity and appropriate values and maintain responsibility for accurate financial statements. This can help determine whether more or less attention should be paid in certain areas of testing.
The process at the end of the period for financial reporting should also be evaluated. It should include appropriate procedures to ensure transactions were recorded appropriately, approved accounting policies were implemented, and necessary disclosures were included. IT involvement should also be evaluated at this point to guarantee that the risk of misstatement is sufficiently addressed.
The next step of the top-down approach is to identify significant accounts and disclosures as well as their relevant assertions based on the assessment of controls and processes previously performed. The relevant assertions are those which have a reasonable possibility of being misstated and causing the financial statements to be materially misstated.
Looking at the line items in the financial statements and determining risk factors related to each item helps determine where the risks lie and where testing is required. The auditor should assess things like the size of the account, susceptibility to errors or fraud, the complexity, the nature, the complexities associated with it, and other such qualities that might make it susceptible to misstatement whether it is accidental or fraudulent. While determining which accounts are significant based on these characteristics the auditor should assess the likelihood that an error occurred due to these characteristics with consideration to the controls previously assessed. A key question to ask about each significant account is "what could go wrong?"
Understanding the functions of the company being audited is extremely important. The auditor should have sufficient information about the flow of transactions, possible weaknesses, understand controls in place to correct those weaknesses, controls for prevention of misstatement, etc. A walk through of the company's processes is an effective way to collect all of this information.
After gathering all the necessary information about the company's controls and significant accounts, the auditor should test controls in order to address the assessed risk of misstatements. The controls tested should in total sufficiently address the possibility of misstatement.
Material Weakness versus Significant Deficiency
A material weakness is a lacking in internal control where there is a reasonable possibility that a material misstatement on a company's financial statements will not be prevented or noticed in a timely manner. It is important to maintain that a material weakness can exist without an occurrence of misstatement.
Always on Time
Marked to Standard
A significant deficiency is similar to a material weakness in that there is a weakness in internal control over financial reporting,. but the outcome is less severe. Although it is not as severe as a material weakness it is still important to take notice of it and reveal it to the company.
Warning signs that a material weakness exists in internal control over financial reporting include any identification of fraud by senior management, restated financial statements in the past due correction of material misstatements, current misstatements of material amounts due to lack of internal control, and ineffective supervision of financial reporting by the audit committee. These are serious problems due to lack of controls within the company. Significant deficiencies may have some of the same indicators, but they are less severe.
It is required that all material weaknesses identified during the audit are reported in writing to management and the audit committee prior to the issuance of the auditor's report. Management should also be notified in writing of any deficiencies identified during the audit process and the audit committee should be informed when that notification is made.
The auditor' report will contain the auditor's opinion on whether or not the company maintained effective internal control (no material weaknesses) over financial reporting. It is not required that any significant deficiency is revealed in the auditor's report.