|
 |
|
Sarbanes Oxley Act -
Auditing Standards |
|
Public
Company Accounting Oversight
Board
Bylaws
and Rules – Standards – AS2
Auditing
Standard No. 2: An Audit of Internal Control
Over Financial Reporting Performed in
Conjunction With an Audit of Financial
Statements
64.
An account also may be considered significant
because of the exposure to
unrecognized
obligations represented by the account. For
example, loss reserves
related
to a self-insurance program or unrecorded
contractual obligations at a
construction
contracting subsidiary may have historically
been insignificant in amount,
yet
might represent a more than remote likelihood of
material misstatement due to
the
existence
of material unrecorded claims.
65.
When deciding whether an account is significant,
it is important for the auditor
to
evaluate
both quantitative and qualitative factors,
including the:
•
Size and composition of the
account;
•
Susceptibility of loss due to errors or
fraud;
•
Volume of activity, complexity, and homogeneity
of the individual
transactions
processed through the account;
•
Nature of the account (for example, suspense
accounts generally warrant
greater
attention);
•
Accounting and reporting complexities associated
with the account;
•
Exposure to losses represented by the account
(for example, loss
accruals
related to a consolidated construction
contracting subsidiary);
•
Likelihood (or possibility) of significant
contingent liabilities arising from
the
activities
represented by the account;
•
Existence of related party transactions in the
account; and
•
Changes from the prior period in account
characteristics (for example,
new
complexities or subjectivity or new types of
transactions).
66.
For example, in a financial statement audit, the
auditor might not consider the
fixed
asset accounts significant when there is a low
volume of transactions and when
inherent
risk is assessed as low, even though the
balances are material to the
financial
statements.
Accordingly, he or she might decide to perform
only substantive
procedures
on such balances. In an audit of internal
control over financial
reporting,
however,
such accounts are significant accounts because
of their materiality to the
financial
statements.
67.
As another example, the auditor of the financial
statements of a financial
institution
might not consider trust accounts significant to
the institution's financial
statements
because such accounts are not included in the
institution's balance sheet
and
the associated fee income generated by trust
activities is not material.
However,
in determining whether trust accounts are a
significant account for purposes of
the
audit of internal control over financial
reporting, the auditor should assess whether
the
activities of the trust department are
significant to the institution's financial
reporting,
which
also would include considering the contingent
liabilities that could arise if a trust
department
failed to fulfill its fiduciary responsibilities
(for example, if investments were
made
that were not in accordance with stated
investment policies).
When
assessing the significance of possible
contingent liabilities, consideration of the
amount
of assets under the trust department's control
may be useful. For this reason,
an
auditor who has not considered trust accounts
significant accounts for purposes of
the
financial
statement audit might determine that they are
significant for purposes of the audit
of
internal
control over financial
reporting.
68.
Identifying Relevant Financial Statement
Assertions. For each
significant
account,
the auditor should determine the relevance of
each of these financial
statement assertions:
(13)
•
Existence or occurrence;
•
Completeness;
•
Valuation or allocation;
•
Rights and obligations; and
•
Presentation and disclosure.
(13)
See AU sec. 326, Evidential Matter, which
provides additional information
on
financial statement
assertions.
69.
To identify relevant assertions, the auditor
should determine the source of
likely
potential
misstatements in each significant account. In
determining whether a
particular
assertion
is relevant to a significant account balance or
disclosure, the auditor should
evaluate:
•
The nature of the assertion;
•
The volume of transactions or data related to
the assertion; and
•
The nature and complexity of the systems,
including the use of
information
technology
by which the company processes and controls
information
supporting
the assertion.
70.
Relevant assertions are assertions that have a
meaningful bearing on whether
the
account is fairly stated. For example, valuation
may not be relevant to the cash
account
unless currency translation is involved;
however, existence and
completeness
are
always relevant. Similarly, valuation may not be
relevant to the gross amount of
the
accounts
receivable balance, but is relevant to the
related allowance accounts.
Additionally,
the auditor might, in some circumstances, focus
on the presentation and
disclosure
assertion separately in connection with the
period-end financial reporting
process.
71.
Identifying Significant Processes and Major
Classes of Transactions. The
auditor
should
identify each significant process over each
major class of transactions
affecting
significant
accounts or groups of accounts. Major classes of
transactions are those
classes
of transactions that are significant to the
company's financial statements.
For
example,
at a company whose sales may be initiated by
customers through personal
contact
in a retail store or electronically through use
of the internet, these types of
sales
would
be two major classes of transactions within the
sales process if they were both
significant
to the company's financial statements. As
another example, at a company
for
which fixed assets is a significant account,
recording depreciation expense would
be
a
major class of transactions.
72.
Different types of major classes of transactions
have different levels of
inherent
risk
associated with them and require different
levels of management supervision
and
involvement.
For this reason, the auditor might further
categorize the identified major
classes
of transactions by transaction type: routine,
nonroutine, and estimation.
•
Routine transactions are recurring financial
activities reflected in the
accounting
records in the normal course of business (for
example, sales,
purchases,
cash receipts, cash disbursements,
payroll).
•
Nonroutine transactions are activities that
occur only periodically (for
example,
taking physical inventory, calculating
depreciation expense,
adjusting
for foreign currencies). A distinguishing
feature of nonroutine
transactions
is that data involved are generally not part of
the routine flow
of
transactions.
•
Estimation transactions are activities that
involve management judgments
or
assumptions in formulating account balances in
the absence of a
precise
means of measurement (for example, determining
the allowance
for
doubtful accounts, establishing warranty
reserves, assessing assets for
impairment).
73.
Most processes involve a series of tasks such as
capturing input data, sorting
and
merging data, making calculations, updating
transactions and master files,
generating
transactions, and summarizing and displaying or
reporting data. The
processing
procedures relevant for the auditor to
understand the flow of
transactions
generally
are those activities required to initiate,
authorize, record, process and
report
transactions.
Such activities include, for example, initially
recording sales orders,
preparing
shipping documents and invoices, and updating
the accounts receivable
master
file. The relevant processing procedures also
include procedures for
correcting
and
reprocessing previously rejected transactions
and for correcting erroneous
transactions
through adjusting journal
entries.
74.
For each significant process, the auditor
should:
•
Understand the flow of transactions, including
how transactions are
initiated,
authorized, recorded, processed, and
reported.
•
Identify the points within the process at which
a misstatement – including
a
misstatement due to fraud – related to each
relevant financial statement
assertion
could arise.
•
Identify the controls that management has
implemented to address these
potential
misstatements.
•
Identify the controls that management has
implemented over the
prevention
or timely detection of unauthorized acquisition,
use, or
disposition
of the company's assets.
Note:
The auditor frequently obtains the understanding
and identifies the
controls
described above as part of his or her
performance of walkthroughs (as
described
beginning in paragraph 79).
75.
The nature and characteristics of a company's
use of information technology
in
its
information system affect the company's internal
control over financial reporting.
AU
sec.
319, Consideration of Internal Control in a
Financial Statement Audit,
paragraphs
.16
through .20, .30 through .32, and .77 through
.79, discuss the effect of
information
technology
on internal control over financial
reporting.
|
|
| | |
