|
|
 |
|
Sarbanes Oxley Act -
Auditing Standards |
|
Public
Company Accounting Oversight
Board
Bylaws and Rules – Standards – AS2
Auditing Standard No. 2: An Audit of Internal
Control Over Financial Reporting Performed in
Conjunction With an Audit of Financial
Statements
Required
Communications in An Audit of Internal Control
Over
Financial Reporting
207. The auditor must communicate in writing
to management and the audit
committee all significant deficiencies and
material weaknesses identified during the
audit. The written communication should be
made prior to the issuance of the auditor's
report on internal control over financial
reporting. The auditor's communication should
distinguish clearly between those matters
considered to be significant deficiencies and
those considered to be material weaknesses, as
defined in paragraphs 9 and 10,
respectively.
208. If a significant deficiency or material
weakness exists because the oversight of
the company's external financial reporting and
internal control over financial reporting by
the company's audit committee is ineffective,
the auditor must communicate that
specific significant deficiency or material
weakness in writing to the board of directors.
209. In addition, the auditor should
communicate to management, in writing, all
deficiencies in internal control over
financial reporting (that is, those
deficiencies in
internal control over financial reporting that
are of a lesser magnitude than significant
deficiencies) identified during the audit and
inform the audit committee when such a
communication has been made. When making this
communication, it is not necessary
for the auditor to repeat information about
such deficiencies that have been included in
previously issued written communications,
whether those communications were made
by the auditor, internal auditors, or others
within the organization. Furthermore, the
auditor is not required to perform procedures
sufficient to identify all control
deficiencies;
rather, the auditor should communicate
deficiencies in internal control over
financial
reporting of which he or she is aware.
Note: As part of his or her evaluation of the
effectiveness of internal control over
financial reporting, the auditor should
determine whether control deficiencies
identified by internal auditors and others
within the company, for example,
through ongoing monitoring activities and the
annual assessment of internal
control over financial reporting, are reported
to appropriate levels of management
in a timely manner. The lack of an internal
process to report deficiencies in
internal control to management on a timely
basis represents a control deficiency
that the auditor should evaluate as to
severity.
210. These written communications should state
that the communication is intended
solely for the information and use of the
board of directors, audit committee,
management, and others within the
organization. When there are requirements
established by governmental authorities to
furnish such reports, specific reference to
such regulatory agencies may be made.
211. These written communications also should
include the definitions of control
deficiencies, significant deficiencies, and
material weaknesses and should clearly
distinguish to which category the deficiencies
being communicated relate.
212. Because of the potential for
misinterpretation of the limited degree of
assurance
associated with the auditor issuing a written
report representing that no significant
deficiencies were noted during an audit of
internal control over financial reporting, the
auditor should not issue such representations.
213. When auditing internal control over
financial reporting, the auditor may become
aware of fraud or possible illegal acts. If
the matter involves fraud, it must be brought
to
the attention of the appropriate level of
management. If the fraud involves senior
management, the auditor must communicate the
matter directly to the audit committee
as
described in AU sec. 316, Consideration of
Fraud in a Financial Statement Audit. If
the matter involves possible illegal acts, the
auditor must assure himself or herself that
the audit committee is adequately informed,
unless the matter is clearly inconsequential,
in accordance with AU sec. 317, Illegal Acts
by Clients. The auditor also must
determine his or her responsibilities under
Section 10A of the Securities Exchange Act
of 1934.31/
31/ See 15 U.S.C. 78j-1.
214. When timely communication is important,
the auditor should communicate the
preceding matters during the course of the
audit rather than at the end of the
engagement. The decision about whether to
issue an interim communication should be
determined based on the relative significance
of the matters noted and the urgency of
corrective follow-up action required.
Effective
Date
215. Companies considered accelerated filers
under Securities Exchange Act Rule
12b-232/ are required to comply with the
internal control reporting and disclosure
requirements of Section 404 of the Act for
fiscal years ending on or after November 15,
2004.
(Other
companies have until fiscal years ending on or
after July 15, 2005, to
comply with these internal control reporting
and disclosure requirements.) Accordingly,
independent auditors engaged to audit the
financial statements of accelerated filers for
fiscal years ending on or after November 15,
2004, also are required to audit and report
on the company's internal control over
financial reporting as of the end of such
fiscal
year. This standard is required to be complied
with for such engagements, except as it
relates to the auditor's responsibilities for
evaluating management's certification
disclosures about internal control over
financial reporting. The auditor's
responsibilities
for evaluating management's certification
disclosures about internal control over
financial reporting described in paragraphs
202 through 206 take effect beginning with
the first quarter after the auditor's first
audit report on the company's internal control
over financial reporting.
32/ See 17 C.F.R. 240.12b-2.
216. Early compliance with this standard is
permitted.
|
|
| | |
