The Top Down Approach: This approach is used when an Auditor is performing an audit on the internal controls of a client and is trying to choose which controls to test. A new Top Down Approach starts with the financial statements and the auditors knowledge of the risk associated with the reporting of the clients financial statements. The auditor then proceeds with entity-level controls and works downward to major accounts, disclosures and important assertions that direct the auditors focus to possible material misstatement on the financial statements and disclosers.
The next step is to identify and test the entity-level controls which will help the auditor form his or her conclusion on whether or not the client has good internal controls on the financial reporting. The information obtained on the entity-level controls will cause the auditor to either increase or decrease the amount of testing needed on other controls for the audit.
Get your grade
or your money back
using our Essay Writing Service!
Controls themselves can vary in accurateness and in nature for example, some controls are critical in the process of internal control however, they may not have an impact in the possibility of increasing the chances of catching a misstatement. These types of controls can have a big effect on the audit if the auditor is not aware of the type of controls and how they can affect the outcome of the audit. A few entity-level controls can be set-up to monitor other lower-level controls. In these cases the auditor needs to know if one control is tied to another so that he or she can reduce that amount of testing or on the flipside if a test fails then they have a lead to follow. If an entity-level control is designed to operate at a very high level of accuracy and this is known by the auditor, then no further testing is needed in that particular control.
Many types of controls exist for example some are directly related to the control environment and others are tied or linked together with other controls to help ensure that the internal control system operates effectively throughout the organization. All the controls that a company or client have in place make up the control environment, this environment is not only based on how many or what types of controls are in place, it is also a direct reflection of managements style of operating the organization and its internal control system. Furthermore, the environment is also influenced by integrity and values of top management and how the board or audit committee understands the internal controls of their organization.
Period-end financial reporting process, because of its importance the auditor must carefully evaluate the period-ending financial statements in order to ensure that the internal control process worked and thus the auditor can give a valid opinion on the financial statements. Some of the techniques used by the auditor include; transaction totals that are recorded on the General Leger and procedures used in preparing the annual or quarterly financial statements. As part of the assessment the auditor would check such other systems such as the information technology system to help ensure the accuracy of the financial reporting process.
Evaluating important accounts, disclosures and relevant assertions, the auditor should be on the lookout for relevant assertions in the financial statements because they have the possibility of containing misstatements which in turn would cause the financial statements to be materially misstated. Assertions include the following: existence or occurrence and completeness just to name a few. In order for the auditor to identify those accounts, disclosers and assertions he or she needs to find the risk factors associated with each account, discloser or assertions. The following risk factors are just a few examples: size and composition of the account, volume of activity or complexity and the possible existence of related party transactions. These risk factors help the auditor pinpoint the most likely areas of misstatement. When companies or clients have multiple locations or units then the auditor should use the consolidated financial statements in order for them to evaluate the potential risk factors.
To find the sources of misstatements the auditor should have a strong understanding of the flow transactions and their assertions and how they are developed, authorized, processed and recorded. Since a high amount of judgment is required for the audit, the auditor should perform the procedures or closely supervise the staff that is doing the audits under them as described in AU sec. 322. Furthermore, the auditor should also have a good sense of how information technology (IT) affects the company's/ client's flow of transactions and how that affects the internal control systems. Yet another effective way of achieving a good audit is to perform a walkthrough of the company's/ client's processes. During the walkthroughs the audit team should be looking for such procedures as combination of inquiry, observation, inspection of relevant documentation and re-performance of controls. Also during these walkthroughs the auditors should be questioning the company's/ client's employees on their understanding of the company's procedures and controls.
Always on Time
Marked to Standard
The auditor's choice on which controls should be tested: the auditor should focus on those controls that are most important to the auditor's conclusion about the company's/ client's controls and how they assess the risk of misstatement in each assertion. During the testing there may be more than one control that is signaling assessed risk of misstatement for one assertion. At the same time however, one control can be signaling that there is misstatement for two or more assertions. Ultimately, the decision to choose a control for testing is based on which control or controls address the highest risk of misstatement on any given assertion.
A material weakness is where one or more of a company's/clients internal controls is not working properly or is not working at all. This ineffectiveness will cause material misstatement on the financial statements. On the other hand a significant deficiency on the internal control system will be less severe than a material weakness. However, a significant deficiency will still require attention by the company's management and for them to report it to other parties such as the external auditors and other stakeholders of the company.
Indicators of material weakness are the following.
Indications of fraud, material or not material.
Restatement of previously issued Financial Statements
Identification by the external auditor of material misstatement and that it could have been prevented by the Company's/ Clients internal control but was not.
Ineffective oversight by the external financial reporting and internal control by the company's audit committee.
How material weakness are reported to the audit committee versus the auditor's report. The external auditor must communicate to the audit committee and management all material weakness identified during the audit. This information should be available prior to the issuance of the auditor's report on internal control over financial reporting. If the external auditor feels that the audit committee is ineffective, then the auditor must report its findings to the board of directors.
When considering reporting significant deficiencies; if the external auditor finds any significant deficiencies the auditor would have to report them to the audit committee in writing. Furthermore, the auditor should also communicate with management in writing about all their deficiencies in their internal control system. If there are any significant deficiencies the auditor is not required to perform any procedures to identify all control deficiencies. The auditor is only required to report the deficiencies that they are aware of that the time.