Site Loader

A1. For purposes of this standard, the terms listed below are defined as follows -. A2. A control objective provides a specific target against which to evaluate the. Re: PCAOB Release: Preliminary Staff Views – An Audit of Internal We fully support the PCAOB’s commitment to providing guidance on. General Auditing Standards. Reorg. Pre-Reorg. Reorganized Title. General Principles and Responsibilities. AS AU sec.

Author: Terr Arashibar
Country: Uruguay
Language: English (Spanish)
Genre: Travel
Published (Last): 22 June 2016
Pages: 41
PDF File Size: 6.47 Mb
ePub File Size: 17.7 Mb
ISBN: 690-8-97020-284-8
Downloads: 57216
Price: Free* [*Free Regsitration Required]
Uploader: Nir

Leveraging Auditing Standard No.5 (AS5) to Streamline SOx Compliance

Click to expand menu items Click to collapse menu items. Effective internal control over financial reporting provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes. The auditor’s objective in an audit of internal control over financial reporting is to express an opinion on the effectiveness of the company’s internal control over financial reporting.

A material weakness in internal control over financial reporting may pcalb even when financial statements are not materially misstated. Those standards require technical training and proficiency as an auditor, independence, and the exercise of due professional care, including professional skepticism.

This standard establishes the fieldwork and reporting standards applicable to an audit of internal control over financial reporting.

Leveraging Auditing Standard No.5 to Streamline SOX Compliance

The auditor should use the same suitable, recognized control framework to perform his or her audit of internal control over financial reporting as management uses for its annual evaluation of the effectiveness of the company’s internal control over financial reporting. The audit of internal control over financial reporting should be integrated with the audit of the financial statements. The objectives of the audits are not identical, however, and the auditor must plan and perform the work to achieve the objectives of both audits.

In pcqob integrated audit of internal control over financial reporting and the financial statements, the auditor should design his or her testing of controls to accomplish the ad5 of both audits simultaneously. Obtaining sufficient evidence to support control risk assessments of low for purposes of the financial statement audit ordinarily allows the auditor to reduce the amount of audit work that otherwise would have been necessary to opine on the financial statements.

Auditing Standard No. 5

See Appendix B for additional direction on integration. In such circumstances, the auditor’s tests of the operating effectiveness of controls would be performed principally for the purpose of supporting his or her opinion on whether the company’s internal control over financial reporting is effective as of year-end. The results of the pcaaob financial statement auditing procedures also should inform his or her risk assessments in determining the testing necessary to conclude on the effectiveness of a control.

The auditor should properly plan the audit of internal control over financial reporting and properly supervise the engagement team members. When planning an integrated audit, the auditor should evaluate whether the following matters are important to the company’s financial statements and internal control over financial reporting and, if so, how they will affect the auditor’s procedures.

Many smaller companies have less complex operations. Additionally, some larger, complex companies may have less complex units or processes. Factors that might indicate less complex operations include: Risk assessment underlies the entire audit process described by this standard, including the determination of significant accounts and disclosures and relevant assertion s, the selection of controls to test, and the determination of the evidence necessary for a given control. A direct relationship exists between the degree of risk that a material weakness could exist in a particular area of the company’s internal control over financial reporting and the amount of audit attention that pcob be devoted to that area.

In addition, the risk that a company’s internal control over financial reporting will fail to prevent or detect misstatement caused by fraud usually is higher than the risk of failure to prevent or detect error. The auditor should focus more of his or her attention on the areas of highest risk. On the other hand, it is not necessary to test controls that, even if deficient, would not present a reasonable possibility of material misstatement to the financial statements. The complexity of the organization, business unit, or process, will play an important role in the auditor’s risk assessment and the determination of the necessary procedures.

aas5

The size and complexity of the company, its business processes, and business units, may affect the way in which the company achieves many of its control objective s.

The size and complexity of the company also might affect the risks of misstatement and the controls necessary to address those risks. Scaling is most effective as a natural extension of the risk-based approach and applicable to the audits of all companies.

Accordingly, a smaller, less complex company, or even a larger, less complex company might achieve its control objectives differently than a more complex company. When planning and performing the audit of internal control over financial reporting, the auditor should take into account the results of his or her fraud risk assessment.

Controls that might address these risks include. If the auditor identifies deficiencies in controls designed to prevent or detect fraud during the audit of internal control over financial reporting, the auditor should take into account those deficiencies when developing his or her response to risks of material misstatement during the financial statement audit, as provided in paragraphs of Auditing Standard No.

The auditor should evaluate the extent to which he or she will use the work of others to reduce the work the auditor might otherwise perform himself or herself. For purposes of the audit of internal control, however, the auditor may use the work performed by, or receive direct assistance from, internal auditors, company personnel in addition to internal auditorsand third parties working under the direction of management or the audit committee that provides evidence about the effectiveness of internal control over financial reporting.

  LARS SCHANDORFF PDF

In an integrated audit of internal control over financial reporting and the financial statements, the auditor also may use this work to obtain evidence supporting the auditor’s assessment of control risk for purposes of the audit of the financial statements. The auditor should assess the competence and objectivity of the persons whose work the auditor plans to use to determine the extent to which the auditor may use their work.

The higher the degree of competence and objectivity, the greater use the auditor may make of the work.

The auditor should pcapb paragraphs. The auditor should apply the principles underlying those paragraphs to assess the competence and objectivity of persons other than internal auditors whose work the auditor plans to use. For purposes of using the work of others, competence means the attainment and maintenance of a level of understanding and knowledge that enables that person to perform ably the tasks assigned to them, and objectivity means the ability to perform those tasks impartially and with intellectual honesty.

To assess competence, the auditor should evaluate factors about the person’s qualifications and ability to perform the work the auditor plans to use. To assess paob, the auditor should evaluate whether factors are present that either inhibit or promote a person’s ability to perform with the necessary degree of objectivity the work the auditor plans to use. The auditor should not use the work of persons who have a low degree of objectivity, regardless of their level of competence. Likewise, the auditor should not use the work of persons who have a low level of competence regardless of their degree of objectivity.

Personnel whose core function is to serve as a testing or compliance authority at the ax5, such as internal auditors, normally are expected to have greater competence and objectivity in performing the type pvaob work that will be useful to the auditor.

The extent to which the auditor may use the work of others in an audit of internal control also depends on the risk associated with the control being tested. As the risk associated with a control increases, the need for the auditor to perform his or her own work on the control increases.

In planning the audit of internal pcaon over financial reporting, the auditor should use the same materiality considerations he or she would use in planning the audit of the company’s annual financial statements.

The auditor should use a top-down approach to the audit of internal control over financial reporting to select the controls to test. A top-down approach begins at the financial statement level and with the auditor’s understanding of the overall risks to internal control over financial reporting. The auditor then focuses on entity-level controls and works down to significant accounts and disclosures and their relevant assertions. This approach directs the auditor’s attention to accounts, disclosures, and assertions that present a reasonable possibility of material misstatement to the financial statements and related disclosures.

The auditor then verifies his or her understanding of the risks in the company’s processes and selects for testing those controls that sufficiently address the assessed pccaob of misstatement to each relevant assertion.

The top-down approach describes the auditor’s sequential thought process in identifying risks and the controls to test, not necessarily the order in which the auditor pcaib perform the auditing procedures. The auditor must test those entity-level controls that are important to the auditor’s conclusion about whether the company has effective internal control ;caob financial reporting.

The auditor’s evaluation of entity-level controls can result in increasing or decreasing the testing that the auditor otherwise would have performed on pxaob controls. Controls xs5 management override are important to effective internal control over financial reporting for all companies, and may be particularly important at smaller companies because of the increased involvement of senior management in performing controls and in the period-end financial reporting process.

For smaller companies, the controls that address the risk of management override might be different from those at a larger company. For example, a smaller company might rely on more detailed oversight by the audit committee that focuses on the risk of management override. Because of its importance to effective internal control over financial reporting, pcakb auditor must evaluate the control xs5 at the company.

As part of evaluating the control environment, the auditor should assess. Period-end Financial Reporting Process. Pxaob of its importance to financial reporting and to the auditor’s opinions on internal control over financial reporting and the financial statements, pdaob auditor must evaluate the period-end financial reporting process.

The period-end financial reporting process includes the following. Because the annual period-end financial reporting process normally occurs after the “as-of” date of management’s assessment, those controls usually cannot be tested until after pcxob as-of date. As part of evaluating the period-end financial reporting process, the auditor should assess. The auditor should obtain sufficient evidence of the effectiveness of those quarterly controls that are important to determining whether the company’s controls sufficiently address the assessed risk of misstatement to each relevant assertion as of the date of management’s assessment.

However, the auditor is not required to obtain sufficient evidence for each quarter individually.

The auditor should identify significant accounts and disclosures pacob their relevant assertions. Relevant assertions are those financial statement assertions that have a reasonable possibility of containing a misstatement that would cause the financial statements to be materially misstated. The auditor may base his xs5 her ad5 on assertions that differ from those in this standard if the auditor has selected and tested controls over the pertinent risks in each significant account and disclosure that have a reasonable possibility of containing misstatements that would cause the financial statements to be materially misstated.

  ERASMO ELOGIO ALLA FOLLIA PDF

To identify significant accounts and disclosures and their relevant assertions, the auditor should evaluate the qualitative and quantitative risk pdaob related to the financial statement line items and disclosures.

Risk factors relevant to the identification of significant accounts and disclosures and their relevant assertions include. As part of identifying significant accounts and disclosures and their relevant assertions, the auditor also should determine the likely sources of potential misstatements that would cause the financial statements to be materially misstated.

The auditor might determine the likely sources of potential misstatements by asking himself or herself “what could go wrong? The risk factors that the auditor should evaluate in the identification as55 significant accounts and disclosures and their relevant assertions are the same in the audit of internal control over financial reporting as in the audit of the financial statements; accordingly, significant accounts and disclosures and their relevant assertions are the same for both audits.

In the financial statement audit, the auditor might perform substantive auditing procedures on financial statement accounts, disclosures and assertions that are not determined to be significant accounts and disclosures and relevant assertions. The components pxaob a potential significant account or disclosure might be subject to significantly differing risks.

If so, different controls might be necessary to adequately address those risks. When a company has multiple locations or business units, the auditor should identify significant accounts and disclosures and their relevant assertions based on the consolidated financial statements.

Having made those determinations, the auditor should then apply the direction in Appendix B for multiple locations scoping decisions.

To further understand the likely sources of potential misstatements, and as a part of selecting the controls to test, the auditor should achieve the following objectives. Because of the degree of judgment required, the auditor should either perform the procedures that achieve the objectives in paragraph 34 himself or herself or supervise the work of others who provide direct assistance to the auditor, as described in AU sec.

The auditor pcakb should understand how IT affects the company’s pcaoh of transactions. The identification of risks and controls within IT is not a separate evaluation.

Instead, it is an integral part of the top-down approach used to identify significant accounts and disclosures and their relevant assertions, and the controls to test, as well as ocaob assess risk and allocate audit effort as described by this standard.

Performing walkthroughs will frequently be the most effective way of achieving the objectives in paragraph In performing a walkthrough, pacob auditor follows a transaction from origination through the company’s processes, including information systems, until it is reflected in the company’s financial records, using the same documents and information technology that company personnel use.

Walkthrough procedures usually include a combination of inquiry, observation, inspection of relevant as, and re-performance of controls. In performing a walkthrough, at the points at which important processing procedures occur, the auditor questions the company’s personnel about their pcqob of what is required by the company’s prescribed procedures and controls.

These probing questions, combined with the other walkthrough procedures, allow the auditor to gain a sufficient understanding pcob the process and to be able to identify important points at which a necessary control is missing or not designed effectively. Additionally, probing questions that go beyond a narrow focus on the single transaction used as the basis for pfaob walkthrough allow the auditor to gain an understanding of the different pcalb of significant transactions handled by the process.

The auditor should test those controls that are important to the auditor’s conclusion about whether the company’s controls sufficiently address the assessed risk of misstatement to each relevant assertion.

There might be more than one control that addresses the assessed risk of misstatement to a particular relevant assertion; conversely, one control might address the assessed risk of misstatement to more than one relevant assertion. It is neither necessary to test all controls related to a relevant assertion nor pfaob to test redundant controls, unless redundancy is itself a control objective.

The decision as to whether a control should be selected for testing depends on which controls, individually or in combination, sufficiently address the assessed risk of misstatement to a given relevant assertion rather than on how the control is labeled e.

The auditor should test the design effectiveness of controls by determining whether the company’s controls, if they are operated as prescribed by persons possessing the necessary authority and competence to perform the control effectively, satisfy the company’s control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements in pcapb financial statements.

A smaller, less complex company might achieve its control objectives in a different manner from a larger, more complex organization. For example, a smaller, less complex company might have fewer employees in the accounting function, limiting opportunities to segregate duties and leading pdaob company to implement alternative controls to achieve its control objectives.