|
 |
|
Sarbanes Oxley Act -
Auditing Standards |
|
Public
Company Accounting Oversight
Board
Bylaws
and Rules – Standards – AS2
Auditing
Standard No. 2: An Audit of Internal Control
Over Financial Reporting Performed in
Conjunction With an Audit of Financial
Statements
18.
Just as there are inherent limitations on the
assurance that effective
internal
control
over financial reporting can provide, as
discussed in paragraph 16, there
are
limitations
on the amount of assurance the auditor can
obtain as a result of
performing
his
or her audit of internal control over financial
reporting. Limitations arise because
an
audit
is conducted on a test basis and requires the
exercise of professional
judgment.
Nevertheless,
the audit of internal control over financial
reporting includes obtaining an
understanding
of internal control over financial reporting,
testing and evaluating the
design
and operating effectiveness of internal control
over financial reporting, and
performing
such other procedures as the auditor considers
necessary to obtain
reasonable
assurance about whether internal control over
financial reporting is
effective.
19.
There is no difference in the level of work
performed or assurance obtained
by
the
auditor when expressing an opinion on
management's assessment of
effectiveness
or
when expressing an opinion directly on the
effectiveness of internal control
over
financial
reporting. In either case, the auditor must
obtain sufficient evidence to
provide
a
reasonable basis for his or her opinion and the
use and evaluation of
management's
assessment
is inherent in expressing either
opinion.
Note:
The auditor's report on internal control over
financial reporting does not
relieve
management of its responsibility for assuring
users of its financial reports
about
the effectiveness of internal control over
financial reporting.
Management's
Responsibilities in an Audit of Internal
Control
Over Financial
Reporting
20.
For the auditor to satisfactorily complete an
audit of internal control over
financial
reporting,
management must do the following:
(5)
a.
Accept responsibility for the effectiveness of
the company's internal control
over
financial reporting;
b.
Evaluate the effectiveness of the company's
internal control over financial
reporting
using suitable control
criteria;
c.
Support its evaluation with sufficient evidence,
including documentation;
and
d.
Present a written assessment of the
effectiveness of the company's
internal
control over financial reporting as of the end
of the company's
most
recent fiscal year.
21.
If the auditor concludes that management has not
fulfilled the responsibilities
enumerated
in the preceding paragraph, the auditor should
communicate, in writing, to
management
and the audit committee that the audit of
internal control over financial
reporting
cannot be satisfactorily completed and that he
or she is required to disclaim
an
opinion.
Paragraphs 40 through 46 provide information for
the auditor about evaluating
management's
process for assessing internal control over
financial reporting.
(5)
Management is required to fulfill these
responsibilities. See Items
308(a)
and
(c) of Regulation S-B and S-K, 17 C.F.R. 228.308
(a) and (c) and 229.308 (a) and
(c),
respectively. |
|
| | |
