|
 |
|
Sarbanes Oxley Act -
Auditing Standards |
|
Public
Company Accounting Oversight
Board
Bylaws
and Rules – Standards – AS2
Auditing
Standard No. 2: An Audit of Internal Control
Over Financial Reporting Performed in
Conjunction With an Audit of Financial
Statements
This standard was approved by the
Securities and Exchange Commission on June 17,
2004, and is effective for audits of internal
control over financial reporting required by
Section 404(b) of the Sarbanes-Oxley Act of
2002.
Committee of
Sponsoring Organizations
Framework
14.
In the United States, the Committee of
Sponsoring Organizations ("COSO")
of
the
Treadway Commission has published Internal
Control – Integrated Framework.
Known
as the COSO report, it provides a suitable and
available framework for
purposes
of
management's assessment. For that reason, the
performance and reporting
directions
in this standard are based on the COSO
framework.
Other
suitable frameworks have been published in other
countries and may be developed in the future.
Such other suitable frameworks may be used in an
audit of internal control over
financial
reporting. Although different frameworks may not
contain exactly the same
elements
as COSO, they should have elements that
encompass, in general, all the
themes
in COSO. Therefore, the auditor should be able
to apply the concepts and
guidance
in this standard in a reasonable
manner.
15.
The COSO framework identifies three primary
objectives of internal control:
efficiency
and effectiveness of operations, financial
reporting, and compliance with
laws
and
regulations. The COSO perspective on internal
control over financial
reporting
does
not ordinarily include the other two objectives
of internal control, which are
the
effectiveness
and efficiency of operations and compliance with
laws and regulations.
However,
the controls that management designs and
implements may achieve more
than
one objective. Also, operations and compliance
with laws and regulations
directly
related
to the presentation of and required disclosures
in financial statements are
encompassed
in internal control over financial reporting.
Additionally, not all controls
relevant
to financial reporting are accounting controls.
Accordingly,
all controls that could materially affect
financial reporting, including
controls
that
focus primarily on the effectiveness and
efficiency of operations or compliance with laws
and regulations and also have a material effect
on the reliability of financial reporting, are a
part of internal
control
over financial reporting.
More
information about the COSO framework is included
in the COSO report and in AU sec. 319,
Consideration of Internal Control in a Financial
Statement Audit. (3) The COSO report also
discusses special considerations for internal
control over financial reporting for small and
medium-sized companies.
Inherent Limitations
in Internal Control Over Financial
Reporting
16.
Internal control over financial reporting cannot
provide absolute assurance of
achieving
financial reporting objectives because of its
inherent limitations. Internal
control
over financial reporting is a process that
involves human diligence and
compliance
and is subject to lapses in judgment and
breakdowns resulting from human
failures.
Internal
control over financial reporting also can be
circumvented by collusion
or
improper management override. Because of such
limitations, there is a risk
that
material
misstatements may not be prevented or detected
on a timely basis by internal
control
over financial reporting. However, these
inherent limitations are known
features
of
the financial reporting process. Therefore, it
is possible to design into the
process
safeguards
to reduce, though not eliminate, this
risk.
The Concept of
Reasonable Assurance
17.
Management's assessment of the effectiveness of
internal control over financial
reporting
is expressed at the level of reasonable
assurance. The concept of
reasonable
assurance
is built into the definition of internal control
over financial reporting and also
is
integral
to the auditor's opinion. (4) Reasonable
assurance includes the
understanding
that
there is a remote likelihood that material
misstatements will not be prevented
or
detected
on a timely basis. Although not absolute
assurance, reasonable assurance
is,
nevertheless,
a high level of assurance.
(3)The
Board adopted the generally accepted auditing
standards, as
described
in the AICPA Auditing Standards Board's ("ASB")
Statement on Auditing
Standards
No. 95, Generally Accepted Auditing Standards,
as in existence on April 16,
2003,
on an initial, transitional basis. The
Statements on Auditing
Standards
promulgated
by the ASB have been codified into the AICPA
Professional Standards,
Volume
1, as AU sections 100 through 900. References in
this standard to AU sections
refer
to those generally accepted auditing standards,
as adopted on an interim basis
in
PCAOB
Rule 3200T.
(4) See Final Rule:
Management's Reports on Internal Control Over
Financial
Reporting and
Certification of Disclosure in Exchange Act
Periodic Reports,
Securities
and
Exchange Commission Release No. 33-8238 (June 5,
2003) [68 FR 36636] for
further
discussion of reasonable
assurance. |
|
| | |
