Question

In: Accounting

Audit of Internal Control Over Financial Reporting that is Integrated with an Audit of Financial Statements,"...

Audit of Internal Control Over Financial Reporting that is Integrated with an Audit of Financial Statements," provides a guide for auditors when performing integrated audits. by visiting PCAOB website

How should the auditor determine which controls to test?

How might the auditor use evidence obtained in the audit of the financial statements when concluding on the effectiveness of internal control over financial reporting?

Solutions

Expert Solution

-Auditor should perform an audit of management's assessment of the effectiveness of internal control over financial reporting ("the audit of internal control over financial reporting") that is integrated with an audit of the financial statements.

-Effective internal control over financial reporting provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes.If one or more material weaknesses exist, the company's internal control over financial reporting cannot be considered effective.

-The auditor's objective in an audit of internal control over financial reporting is to express an opinion on the effectiveness of the company's internal control over financial reporting. Because a company's internal control cannot be considered effective if one or more material weaknesses exist, to form a basis for expressing an opinion, the auditor must plan and perform the audit to obtain appropriate evidence that is sufficient to obtain reasonable assurance about whether material weaknesses exist as of the date specified in management's assessment. A material weakness in internal control over financial reporting may exist even when financial statements are not materially misstated.

The audit of internal control over financial reporting should be integrated with the audit of the financial statements. The objectives of the audits are not identical, however, and the auditor must plan and perform the work to achieve the objectives of both audits.

- In an integrated audit of internal control over financial reporting and the financial statements, the auditor should design his or her testing of controls to accomplish the objectives of both audits simultaneously -

  • To obtain sufficient evidence to support the auditor's opinion on internal control over financial reporting as of year-end, and
  • To obtain sufficient evidence to support the auditor's control risk assessments for purposes of the audit of financial statements.

# Selection of control For Testing-

-The auditor should use a top-down approach to the audit of internal control over financial reporting to select the controls to test. A top-down approach begins at the financial statement level and with the auditor's understanding of the overall risks to internal control over financial reporting. The auditor then focuses on entity-level controls and works down to significant accounts and disclosures and their relevant assertions. This approach directs the auditor's attention to accounts, disclosures, and assertions that present a reasonable possibility of material misstatement to the financial statements and related disclosures. The auditor then verifies his or her understanding of the risks in the company's processes and selects for testing those controls that sufficiently address the assessed risk of misstatement to each relevant assertion.

-The auditor must test those entity-level controls that are important to the auditor's conclusion about whether the company has effective internal control over financial reporting. The auditor's evaluation of entity-level controls can result in increasing or decreasing the testing that the auditor otherwise would have performed on other controls.

-The auditor should test those controls that are important to the auditor's conclusion about whether the company's controls sufficiently address the assessed risk of misstatement to each relevant assertion.

-There might be more than one control that addresses the assessed risk of misstatement to a particular relevant assertion; conversely, one control might address the assessed risk of misstatement to more than one relevant assertion. It is neither necessary to test all controls related to a relevant assertion nor necessary to test redundant controls, unless redundancy is itself a control objective.

-The decision as to whether a control should be selected for testing depends on which controls, individually or in combination, sufficiently address the assessed risk of misstatement to a given relevant assertion rather than on how the control is labeled (e.g., entity-level control, transaction-level control, control activity, monitoring control, preventive control, detective control).

# Evidences & Conclusion-

- For each control selected for testing, the evidence necessary to persuade the auditor that the control is effective depends upon the risk associated with the control. The risk associated with a control consists of the risk that the control might not be effective and, if not effective, the risk that a material weakness would result. As the risk associated with the control being tested increases, the evidence that the auditor should obtain also increases.

-Although the auditor must obtain evidence about the effectiveness of controls for each relevant assertion, the auditor is not responsible for obtaining sufficient evidence to support an opinion about the effectiveness of each individual control. Rather, the auditor's objective is to express an opinion on the company's internal control over financial reporting overall. This allows the auditor to vary the evidence obtained regarding the effectiveness of individual controls selected for testing based on the risk associated with the individual control.

-The auditor must evaluate the evidences obtained and should analyze and assess the severity of each control deficiency that comes to his or her attention to determine whether the deficiencies, individually or in combination, are material weaknesses as of the date of management's assessment. In planning and performing the audit, however, the auditor is not required to search for deficiencies that, individually or in combination, are less severe than a material weakness.

-The severity of a deficiency depends on -

  • Whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure; and
  • The magnitude of the potential misstatement resulting from the deficiency or deficiencies.

-The severity of a deficiency does not depend on whether a misstatement actually has occurred but rather on whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement.

-After Evaluating the evidences the  auditor should form an opinion on the effectiveness of internal control over financial reporting by evaluating evidence obtained from all sources, including the auditor's testing of controls, misstatements detected during the financial statement audit, and any identified control deficiencies.If one or more material weaknesses exist, the company's internal control over financial reporting cannot be considered effective.


Related Solutions

True or False 1. In an audit of internal control over financial reporting, if the auditor...
True or False 1. In an audit of internal control over financial reporting, if the auditor identifies only one material weakness, the auditor is required to issue an adverse opinion on the effectiveness of the client's internal control over financial reporting. 2. The auditor's client outsources parts of its accounting functions to an independent service provider. The auditor plans to reduce control risk for transactions processed and balances maintained by the service provider. A. Because the service provider is independent...
Download and review the Guide to Internal Control Over Financial Reporting from the Center for Audit...
Download and review the Guide to Internal Control Over Financial Reporting from the Center for Audit Quality: Using short paragraphs answer the following questions. 1. What did the Foreign Corrupt Practices Act (FCPA) of 1977 codify concerning internal controls? 2. The FCPA requires public companies to...? (There are 4 requirements!) 3. Name the 4 recommended Internal Control Activities. 4. Are there set Internal Controls for Financial Reporting, or can they (or should they) be scaled to the company? 5. What...
(Auditing Principles & Procedures) List the steps in the audit of internal control over financial reporting...
(Auditing Principles & Procedures) List the steps in the audit of internal control over financial reporting (ICFR) , Explan each one. NO HAND WRITER PLZ, Thank you.
What are management's responsibilities related to internal control over financial reporting?
What are management's responsibilities related to internal control over financial reporting?
An integrated audit is defined as ___. an audit of a client’s financial statements both the...
An integrated audit is defined as ___. an audit of a client’s financial statements both the external and internal auditors performing the financial statement audit performing the financial statement audit and the audit of the effectiveness of internal control over financial reporting (ICFR) at the same time an audit of a client's system of internal control If an internal control exception is identified, the auditor___. must use their professional judgment to determine if the exception is a control deficiency, a...
Describe management’s responsibilities in implementing effective internal control over financial reporting in a public company.What responsibilities...
Describe management’s responsibilities in implementing effective internal control over financial reporting in a public company.What responsibilities did Koss Corporation’s management have to prevent or detect the embezzlement and accounting fraud?
[1] Describe management’s responsibilities in implementing effective internal control over financial reporting in a public company.What...
[1] Describe management’s responsibilities in implementing effective internal control over financial reporting in a public company.What responsibilities did Koss Corporation’s management have to prevent or detect the embezzlement and accounting fraud? [2] In what ways did Koss management fail in its responsibilities relating to internal control over financial reporting? Note: Please be brief but be specific—consider organizing your response in accordance with the components (and principles) of COSO’s 2013 Internal Control: Integrated Framework (which can be found at www.coso.org). [3]...
describe what is the difference between the audit of financial statements and the audit of internal...
describe what is the difference between the audit of financial statements and the audit of internal controls for U.S public companies. write 10-12 sentences.
Match the terms as they relate to internal control and/or auditor reporting on internal control with...
Match the terms as they relate to internal control and/or auditor reporting on internal control with the best description. Replies may be used more than once. List of terms: Adverse opinion As of date Complementary control Control Deficiency Detective control Material weakness None of the options apply Preventive Control Section 302 of the Sarbanes Oxley Act Significant deficiency 1. A control deficiency that allows more than a remote possibility of material misstatement 2. A control deficiency that allows more than...
Discuss in detail the Turkish financial reporting system and the independent audit of financial statements in...
Discuss in detail the Turkish financial reporting system and the independent audit of financial statements in Turkey. (The question I posted earlier was with handwriting and it was hard to read. Please answer with computer writing.)
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT