|
 |
|
Sarbanes Oxley Act -
Auditing Standards |
|
Public
Company Accounting Oversight
Board
Bylaws
and Rules – Standards – AS2
Auditing
Standard No. 2: An Audit of Internal Control
Over Financial Reporting Performed in
Conjunction With an Audit of Financial
Statements
Performing an Audit
of Internal Control Over Financial
Reporting
27.
In an audit of internal control over financial
reporting, the auditor must
obtain
sufficient
competent evidence about the design and
operating effectiveness of
controls
over
all relevant financial statement assertions
related to all significant accounts
and
disclosures
in the financial statements.
The
auditor must plan and perform the audit to
obtain reasonable assurance that
deficiencies
that,
individually or in the aggregate, would
represent material weaknesses are identified.
Thus,
the audit is not designed to detect deficiencies
in internal control over financial
reporting
that,
individually or in the aggregate, are less
severe than a material weakness.
Because
of the potential significance of the information
obtained during the audit of the financial
statements to the auditor's conclusions about
the effectiveness of internal control over
financial
reporting,
the auditor cannot audit internal control over
financial reporting without
also
auditing
the financial statements.
Note:
However, the auditor may audit the financial
statements without also
auditing
internal control over financial reporting, for
example, in the case of
certain
initial public offerings by a company. See the
discussion beginning at
paragraph
145 for more information about the importance of
auditing both
internal
control over financial reporting as well as the
financial statements when
the
auditor is engaged to audit internal control
over financial reporting.
28.
The auditor must adhere to the general standards
(See paragraphs 30 through
36)
and fieldwork and reporting standards (See
paragraph 37) in performing an audit
of
a
company's internal control over financial
reporting. This involves the
following:
a.
Planning the engagement;
b.
Evaluating management's assessment
process;
c.
Obtaining an understanding of internal control
over financial reporting;
d.
Testing and evaluating design effectiveness of
internal control over
financial
reporting;
e.
Testing and evaluating operating effectiveness
of internal control over
financial
reporting; and
f.
Forming an opinion on the effectiveness of
internal control over financial
reporting.
29.
Even though some requirements of this standard
are set forth in a manner that
suggests
a sequential process, auditing internal control
over financial reporting
involves
a
process of gathering, updating, and analyzing
information. Accordingly, the
auditor
may
perform some of the procedures and evaluations
described in this section on
"Performing
an Audit of Internal Control Over Financial
Reporting" concurrently.
Applying General,
Fieldwork, and Reporting
Standards
30.
The general standards (See AU sec. 150,
Generally Accepted Auditing
Standards) are applicable to
an audit of internal control over financial
reporting. These
standards
require technical training and proficiency as an
auditor, independence in fact
and
appearance, and the exercise of due professional
care, including professional
skepticism.
31.
Technical Training and Proficiency. To perform
an audit of internal control
over
financial
reporting, the auditor should have competence in
the subject matter of internal
control
over financial reporting.
32.
Independence. The applicable requirements of
independence are largely
predicated
on four basic principles: (1) an auditor must
not act as management or as an
employee
of the audit client, (2) an auditor must not
audit his or her own work, (3)
an
auditor
must not serve in a position of being an
advocate for his or her client, and (4)
an
auditor
must not have mutual or conflicting interests
with his or her audit client.7/ If
the
auditor
were to design or implement controls, that
situation would place the auditor in
a
management
role and result in the auditor auditing his or
her own work. These
requirements,
however, do not preclude the auditor from making
substantive
recommendations
as to how management may improve the design or
operation of the
company's
internal controls as a by-product of an
audit.
(7)
See the Preliminary Note of Rule 2-01 of
Regulation S-X, 17 C.F.R.
210.2-01.
33.
The auditor must not accept an engagement to
provide internal
control-related
services
to an issuer for which the auditor also audits
the financial statements unless
that
engagement has been specifically pre-approved by
the audit committee. For any
internal
control services the auditor provides,
management must be actively
involved
and
cannot delegate responsibility for these matters
to the auditor. Management's
involvement
must be substantive and extensive. Management's
acceptance of
responsibility
for documentation and testing performed by the
auditor does not by itself
satisfy
the independence requirements.
34.
Maintaining independence, in fact and
appearance, requires careful attention,
as
is
the case with all independence issues when work
concerning internal control
over
financial
reporting is performed. Unless the auditor and
the audit committee are
diligent
in
evaluating the nature and extent of services
provided, the services might violate
basic
principles
of independence and cause an impairment of
independence in fact or
appearance.
35.
The independent auditor and the audit committee
have significant and distinct
responsibilities
for evaluating whether the auditor's services
impair independence in fact
or
appearance. The test for independence in fact is
whether the activities would
impede
the
ability of anyone on the engagement team or in a
position to influence the
engagement
team from exercising objective judgment in the
audits of the financial
statements
or internal control over financial reporting.
The test for independence in
appearance
is whether a reasonable investor, knowing all
relevant facts and
circumstances,
would perceive an auditor as having interests
which could jeopardize
the
exercise of objective and impartial judgments on
all issues encompassed within
the
auditor's
engagement.
|
|
| | |
