|
 |
|
Sarbanes Oxley Act -
Auditing Standards |
|
Public
Company Accounting Oversight
Board
Bylaws
and Rules – Standards – AS2
Auditing
Standard No. 2: An Audit of Internal Control
Over Financial Reporting Performed in
Conjunction With an Audit of Financial
Statements
76. Understanding the Period-end
Financial Reporting Process.
The
period-end financial reporting process includes
the following:
•
The procedures used to enter transaction totals
into the general ledger;
•
The procedures used to initiate, authorize,
record, and process journal
entries
in the general ledger;
•
Other procedures used to record recurring and
nonrecurring adjustments
to
the annual and quarterly financial statements,
such as consolidating
adjustments,
report combinations, and classifications;
and
•
Procedures for drafting annual and quarterly
financial statements and
related
disclosures.
77.
As part of understanding and evaluating the
period-end financial reporting
process,
the auditor should evaluate:
•
The inputs, procedures performed, and outputs of
the processes the
company
uses to produce its annual and quarterly
financial statements;
•
The extent of information technology involvement
in each period-end
financial
reporting process element;
•
Who participates from
management;
•
The number of locations
involved;
•
Types of adjusting entries (for example,
standard, nonstandard,
eliminating,
and consolidating); and
•
The nature and extent of the oversight of the
process by appropriate
parties,
including management, the board of directors,
and the audit
committee.
78.
The period-end financial reporting process is
always a significant process
because
of its importance to financial reporting and to
the auditor's opinions on
internal
control
over financial reporting and the financial
statements. The auditor's
understanding
of the company's period-end financial reporting
process and how it
interrelates
with the company's other significant processes
assists the auditor in
identifying
and testing controls that are the most relevant
to financial statement risks.
79. Performing
Walkthroughs. The auditor should perform at
least one walkthrough
for
each major class of transactions (as identified
in paragraph 71). In a
walkthrough,
the
auditor traces a transaction from origination
through the company's
information
systems
until it is reflected in the company's financial
reports. Walkthroughs provide
the
auditor
with evidence to:
•
Confirm the auditor's understanding of the
process flow of transactions;
•
Confirm the auditor's understanding of the
design of controls identified
for
all
five components of internal control over
financial reporting, including
those
related to the prevention or detection of
fraud;
•
Confirm that the auditor's understanding of the
process is complete by
determining
whether all points in the process at which
misstatements
related
to each relevant financial statement assertion
that could occur
have
been identified;
•
Evaluate the effectiveness of the design of
controls; and
•
Confirm whether controls have been placed in
operation.
Note:
The auditor can often gain an understanding of
the transaction flow,
identify
and understand controls, and conduct the
walkthrough simultaneously.
80.
The auditor's walkthroughs should encompass the
entire process of initiating,
authorizing,
recording, processing, and reporting individual
transactions and controls for
each
of the significant processes identified,
including controls intended to address
the
risk
of fraud.
During
the walkthrough, at each point at which
important processing
procedures
or controls occur, the auditor should question
the company's personnel
about
their understanding of what is required by the
company's prescribed procedures
and
controls and determine whether the processing
procedures are performed as
originally
understood and on a timely basis. (Controls
might not be performed
regularly
but
still be timely.) During the walkthrough, the
auditor should be alert for exceptions
to
the
company's prescribed procedures and
controls.
81.
While performing a walkthrough, the auditor
should evaluate the quality of
the
evidence
obtained and perform walkthrough procedures that
produce a level of
evidence
consistent with the objectives listed in
paragraph 79. Rather than
reviewing
copies
of documents and making inquiries of a single
person at the company, the
auditor
should follow the process flow of actual
transactions using the same
documents
and
information technology that company personnel
use and make inquiries of
relevant
personnel
involved in significant aspects of the process
or controls.
To
corroborate information at various points in the
walkthrough, the auditor might ask
personnel
to describe their understanding of the previous
and succeeding processing or
control
activities
and to demonstrate what they do. In addition,
inquiries should include
followup
questions
that could help identify the abuse of controls
or indicators of fraud.
Examples
of follow-up inquiries include asking
personnel:
•
What they do when they find an error or what
they are looking for to
determine
if there is an error (rather than simply asking
them if they
perform
listed procedures and controls); what kind of
errors they have
found;
what happened as a result of finding the errors,
and how the errors
were
resolved. If the person being interviewed has
never found an error,
the
auditor should evaluate whether that situation
is due to good
preventive
controls or whether the individual performing
the control lacks
the
necessary skills.
•
Whether they have ever been asked to override
the process or controls,
and
if so, to describe the situation, why it
occurred, and what happened.
82.
During the period under audit, when there have
been significant changes in the
process
flow of transactions, including the supporting
computer applications, the
auditor
should
evaluate the nature of the change(s) and the
effect on related accounts to
determine
whether to walk through transactions that were
processed both before and
after
the change.
Note:
Unless significant changes in the process flow
of transactions, including
the
supporting computer applications, make it more
efficient for the auditor to
prepare
new documentation of a walkthrough, the auditor
may carry his or her
documentation
forward each year, after updating it for any
changes that have
taken
place.
|
|
| | |
