|
 |
|
Sarbanes Oxley Act -
Auditing Standards |
|
Public
Company Accounting Oversight
Board
Bylaws
and Rules – Standards – AS2
Auditing
Standard No. 2: An Audit of Internal Control
Over Financial Reporting Performed in
Conjunction With an Audit of Financial
Statements
Materiality
Considerations in an Audit of Internal Control
Over Financial Reporting
22.
The auditor should apply the concept of
materiality in an audit of internal
control
over
financial reporting at both the
financial-statement level and at the
individual
account-balance
level. The auditor uses materiality at the
financial-statement level in
evaluating
whether a deficiency, or combination of
deficiencies, in controls is a
significant
deficiency or a material weakness.
Materiality
at both the financial-statement level and the
individual account-balance level
is
relevant to planning the audit and designing
procedures.
Materiality
at the account-balance level is necessarily
lower than materiality at the
financial-statement
level.
23.
The same conceptual definition of materiality
that applies to financial
reporting
applies
to information on internal control over
financial reporting, including the
relevance
of
both quantitative and qualitative
considerations. (6)
•
The quantitative considerations are essentially
the same as in an audit of
financial
statements and relate to whether misstatements
that would not
be
prevented or detected by internal control over
financial reporting,
individually
or collectively, have a quantitatively material
effect on the
financial
statements.
•
The qualitative considerations apply to
evaluating materiality with
respect
to
the financial statements and to additional
factors that relate to the
perceived
needs of reasonable persons who will rely on the
information.
Paragraph
6 describes some qualitative
considerations.
(6) AU sec. 312, Audit
Risk and Materiality in Conducting an Audit,
provides
additional
explanation of materiality.
Fraud Considerations
in an Audit of Internal Control Over Financial
Reporting
24.
The auditor should evaluate all controls
specifically intended to address the
risks
of
fraud that have at least a reasonably possible
likelihood of having a material effect
on
the
company's financial statements. These controls
may be a part of any of the five
components
of internal control over financial reporting, as
discussed in paragraph 49.
Controls
related to the prevention and detection of fraud
often have a pervasive effect
on
the risk of fraud. Such controls include, but
are not limited to, the:
•
Controls restraining misappropriation of company
assets that could result
in
a material misstatement of the financial
statements;
•
Company's risk assessment
processes;
•
Code of ethics/conduct provisions, especially
those related to conflicts of
interest,
related party transactions, illegal acts, and
the monitoring of the
code
by management and the audit committee or
board;
•
Adequacy of the internal audit activity and
whether the internal audit
function
reports directly to the audit committee, as well
as the extent of the
audit
committee's involvement and interaction with
internal audit; and
•
Adequacy of the company's procedures for
handling complaints and for
accepting
confidential submissions of concerns about
questionable
accounting
or auditing matters.
25.
Part of management's responsibility when
designing a company's internal
control
over
financial reporting is to design and implement
programs and controls to
prevent,
deter,
and detect fraud. Management, along with those
who have responsibility for
oversight
of the financial reporting process (such as the
audit committee), should set
the
proper
tone; create and maintain a culture of honesty
and high ethical standards; and
establish
appropriate controls to prevent, deter, and
detect fraud. When management
and
those responsible for the oversight of the
financial reporting process fulfill
those
responsibilities,
the opportunities to commit fraud can be reduced
significantly.
26.
In an audit of internal control over financial
reporting, the auditor's evaluation
of
controls
is interrelated with the auditor's evaluation of
controls in a financial
statement
audit,
as required by AU sec. 316, Consideration of
Fraud in a Financial
Statement
Audit. Often, controls
identified and evaluated by the auditor during
the audit of internal
control
over financial reporting also address or
mitigate fraud risks, which the auditor
is
required
to consider in a financial statement audit.
If
the auditor identifies deficiencies in controls
designed to prevent and detect fraud during
the
audit of internal control over financial
reporting, the auditor should alter the nature,
timing, or extent of procedures to be performed
during the financial statement audit to be
responsive to such deficiencies, as provided in
paragraphs .44 and .45 of AU sec.
316. |
|
| | |
