The goal for any auditor in the field is to test a firm's assertions and then be able to issue a statement with reasonable confidence that all possible material misstatements have been detected. Unfortunately, it is difficult to be one-hundred percent sure about a firm's statements without proper audit planning. The top-down approach to an audit of internal controls is the PCAOB's way of assisting auditor's with this process. This approach allows the auditor to focus testing on specific accounts and disclosures determined to have to most legitimate possibility of material misstatements.
The first step in the top-down approach involves identifying significant accounts where material risks could lie based upon what the financial statements show. The second step moves into the process of developing an understanding for the internal controls of the firm being audited. By gaining an understanding of internal controls auditors can make reasonable assumptions about the likelihood of a material misstatement being overlooked by the firm's own controls. This can be achieved by first analyzing the control environment, which is composed of the firm's general feelings and actions towards internal controls. Various factors can make up a firm's control environment such as management's style and philosophies, responsibility and interest shown by the audit committee, as well as the integrity and ethical values exhibited by top-management. It is also a requirement for an auditor to gain a strong understanding of a firm's period-end financial reporting process. It may be necessary to consider the data and journal entry processes, as well as which individuals have system override capabilities. It may also be important to understand the extent of I.T.'s capabilities involving transactions, along with the general oversight in the financial reporting process displayed by management, the board of directors, and the audit committee.
Get your grade
or your money back
using our Essay Writing Service!
After developing an understanding of a firm's internal controls the next step for an auditor is to identify significant accounts and disclosures along with their relevant assertions. Relevant assertions are those which carry the possibility of a misstatement that would lead the firm's financial statements to be materially misstated. High risk accounts such as sales are most obviously associated with fraud and misstatements, but there are some other risk factors used to find where the material misstatements may be. These factors include, but are not limited to; account size and type, volume and complexity of transactions within an account, complexity associated with account disclosure, and changes in account characteristics from the prior period. As well it may not be necessary to asses where all misstatements reside, just the ones that will likely break the materiality threshold in order to limit the amount of audit testing preformed. The best way to test accounts for these symptoms is by following specific transactions through the firm's internal processes, in a procedure known as a "walkthrough".
The final step in the top-down process of internal control audits is the selection of which controls are to be tested. It is important that the auditor chooses to examine the controls that will help solidify the conclusion of whether or not a firm's internal controls are capable of preventing a material misstatement. It also may be possible that more than one control satisfies the requirements of a relative assertion, and on the other hand one control may satisfy more than one relative assertion. It is in the auditor's best interest to test these scenarios to the fullest extent while using the least amount of resources possible, which ultimately is the purpose of the top-down approach.
Material Weakness vs. Significant Deficiency
The PCAOB's AS5 definitions of material weakness versus a significant deficiency appear to be quite similar in their entirety, if not for a few specific modifications in wording. A material weakness is defined as, "A deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is aÂ reasonable possibilityÂ that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis." The definition of a significant deficiency is less severe than that of a material weakness; however the lack of internal control should be brought to the attention of management.
Always on Time
Marked to Standard
Since a material weakness is a more severe matter when it comes to internal controls, it is important to address specific indicators that a material weakness exists. These indicators include the identification of any sort of previous fraud by upper management, the restatement of previously materially misstated financial statements, the detection of a misstatement in the current period by an auditor that would not have been caught by a the firm's internal controls, as well as ineffective financial reporting oversight by the firm's audit committee.
It is important for an auditor to properly report any material weakness or significant deficiencies that he or she finds while conducting an internal audit. In terms or the audit committee, all relevant material weaknesses and significant deficiencies must be reported to them in writing prior to the auditor's report on internal controls is issued. It would also be pertinent to deliver this information in writing to management so they can work on making the necessary improvements to internal controls. In terms of issuing an internal auditor's report, all material weaknesses must be stated to the public so that users can assess their impact and make assumptions about the future of the organization. On the other hand, significant deficiencies are not required to be included in any internal control audit reports by the auditor due to their lack of "material significance". It is up to the firm's management to take responsibility to the public to correct these internal control mistakes.