|
|
 |
|
Sarbanes Oxley Act -
Auditing Standards |
|
Public
Company Accounting Oversight
Board
Bylaws and Rules – Standards – AS2
Auditing Standard No. 2: An Audit of Internal
Control Over Financial Reporting Performed in
Conjunction With an Audit of Financial
Statements
This standard was approved by the
Securities and Exchange Commission on June 17,
2004, and is effective for audits of internal
control over financial reporting required by
Section 404(b) of the Sarbanes-Oxley Act of
2002.
Definitions Related
to Internal Control Over Financial
Reporting
7.
For purposes of management's assessment and the
audit of internal control over
financial
reporting in this standard, internal control
over financial reporting is defined
as
follows:
A
process designed by, or under the supervision
of, the company's principal
executive
and principal financial officers, or persons
performing similar functions,
and
effected by the company's board of directors,
management, and other
personnel,
to provide reasonable assurance regarding the
reliability of financial
reporting
and the preparation of financial statements for
external purposes in
accordance
with generally accepted accounting principles
and includes those
policies
and procedures that:
(1)
Pertain to the maintenance of records that, in
reasonable detail, accurately
and
fairly reflect the transactions and dispositions
of the assets of the
company;
(2)
Provide reasonable assurance that transactions
are recorded as
necessary
to permit preparation of financial statements in
accordance with
generally
accepted accounting principles, and that
receipts and
expenditures
of the company are being made only in accordance
with
authorizations
of management and directors of the company;
and
(3)
Provide reasonable assurance regarding
prevention or timely detection
of
unauthorized
acquisition, use or disposition of the company's
assets that
could
have a material effect on the financial
statements.
Note:
This definition is the same one used by the SEC
in its rules requiring
management
to report on internal control over financial
reporting, except the
word
"registrant" has been changed to "company" to
conform to the wording in
this
standard. (See Securities Exchange Act Rules
13a-15(f) and 15d-15(f). (2)
Note:
Throughout this standard, internal control over
financial reporting
(singular)
refers to the process described in this
paragraph. Individual controls
or
subsets
of controls are referred to as controls or
controls over financial
reporting.
(2) See 17 C.F.R. 240, 13a-15(f) and 15d-15(f).
8.
A control deficiency exists when the design or
operation of a control does not
allow
management or employees, in the normal course of
performing their assigned
functions,
to prevent or detect misstatements on a timely
basis.
• A
deficiency in design exists when (a) a control
necessary to meet the
control
objective is missing or (b) an existing control
is not properly
designed
so that, even if the control operates as
designed, the control
objective
is not always met.
• A
deficiency in operation exists when a properly
designed control does not
operate
as designed, or when the person performing the
control does not
possess
the necessary authority or qualifications to
perform the control
effectively.
9.
A significant deficiency is a control
deficiency, or combination of
control
deficiencies,
that adversely affects the company's ability to
initiate, authorize, record,
process,
or report external financial data reliably in
accordance with generally
accepted
accounting
principles such that there is more than a remote
likelihood that a
misstatement
of the company's annual or interim financial
statements that is more than
inconsequential
will not be prevented or
detected.
Note:
The term "remote likelihood" as used in the
definitions of significant
deficiency
and material weakness
(paragraph 10) has the same meaning as
the
term
"remote" as used in Financial Accounting
Standards Board Statement No.
5,
Accounting for Contingencies ("FAS No. 5").
Paragraph 3 of FAS No. 5
states:
When
a loss contingency exists, the likelihood that
the future event or
events
will confirm the loss or impairment of an asset
or the incurrence of
a
liability can range from probable to remote.
This Statement uses the
terms
probable, reasonably possible, and remote to
identify three areas
within
that range, as follows:
a.
Probable. The future event or events are likely
to occur.
b.
Reasonably possible. The chance of the future
event or
events
occurring is more than remote but less than
likely.
c.
Remote. The chance of the future events or
events occurring is slight.
Therefore,
the likelihood of an event is "more than remote"
when it is either
reasonably
possible or probable.
Note:
A misstatement is inconsequential if a
reasonable person would
conclude,
after
considering the possibility of further
undetected misstatements, that
the
misstatement,
either individually or when aggregated with
other misstatements,
would
clearly be immaterial to the financial
statements. If a reasonable
person
could
not reach such a conclusion regarding a
particular misstatement, that
misstatement
is more than
inconsequential.
|
|
| | |
