A1. For purposes of this standard, the terms listed below are defined as follows -. A2. A control objective provides a specific target against which to evaluate the. Re: PCAOB Release: Preliminary Staff Views – An Audit of Internal We fully support the PCAOB’s commitment to providing guidance on. General Auditing Standards. Reorg. Pre-Reorg. Reorganized Title. General Principles and Responsibilities. AS AU sec.

Author: Taubar Vusho
Country: Burundi
Language: English (Spanish)
Genre: Environment
Published (Last): 28 March 2015
Pages: 73
PDF File Size: 4.70 Mb
ePub File Size: 9.95 Mb
ISBN: 263-6-41796-454-2
Downloads: 28726
Price: Free* [*Free Regsitration Required]
Uploader: Balabar

For example, the standard explains that for audits of smaller and less complex companies, the auditor can appropriately reduce the amount of internal control testing. If management makes the types of disclosures described in paragraph C12 outside its annual report on internal control over financial reporting and includes them elsewhere within its annual report on the company’s financial statements, the auditor would not need to disclaim an opinion.

When another auditor has audited the financial statements and internal control over financial reporting of one or more subsidiaries, divisions, branches, or components of the company, the auditor should determine whether he or she may serve as the principal auditor and use the work and reports of another auditor as a basis, in part, for his or her opinion. AU Section – Independence. The auditor should communicate this information to the audit committee in a timely manner and prior to the issuance of the auditor’s report on internal control over financial reporting.

AU Section – Special Reports. Having made those determinations, the auditor should then apply the direction in Appendix B for multiple locations scoping decisions. As a result, it will eliminate auditors requiring companies to do work that isn’t necessary.

However, the auditor is not required to assess control risk at less than the maximum for all relevant assertions and, for pcob variety of reasons, the auditor may choose not to do so. As the risk associated with the control being tested increases, the evidence that the auditor should obtain also increases. If so, different controls might be necessary to adequately address those risks.

Effective internal control over financial reporting often includes a combination of preventive and detective controls. The auditor may present the combined language either as a separate paragraph or as part of the paragraph that identifies the material weakness.


The auditor must communicate, in writing, to management and the audit committee all material weaknesses identified during the audit. In lower-risk locations or business units, the auditor first might evaluate whether testing entity-level controls, including controls in place to provide assurance that appropriate controls exist throughout the organization, provides the auditor with sufficient evidence.

In particular, he says audits today are prolonged, require more personnel, and auditors have an overly broad definition of “materiality”, than what is relevant to SOX. Misstatements detected by substantive procedures.

Additionally, probing questions that go beyond a narrow focus on the single transaction used as the basis for the walkthrough allow the auditor to gain an understanding of the different types of significant transactions handled by the process. The risk factors that the auditor should evaluate in the identification of significant accounts and disclosures and their pcao assertions are the same in the audit of internal control over financial reporting as in the audit of the financial statements; accordingly, significant accounts and disclosures and their relevant assertions are the same for both audits.

If the auditor obtains knowledge about subsequent events that materially and adversely affect the effectiveness of the company’s internal control over financial reporting as of the date specified in the assessment, the auditor should issue an adverse opinion on internal control over financial reporting and follow the direction in paragraph C2 if management’s assessment states that internal control over financial reporting is effective.

This description also should address the requirements in paragraph The evaluation of whether a control deficiency presents a reasonable possibility of misstatement can be made without quantifying the ax5 of occurrence as a specific percentage or range.

To determine when to reestablish a baseline, the auditor should evaluate the following factors – The effectiveness of the IT control environment, including controls over application and system software acquisition and maintenance, access controls and computer operations.

Use of Service Organizations B Evaluating Consistency of Financial Statements. The availability and reliability of a report of the compilation dates of the programs placed in production.

To express an opinion on internal control over financial reporting taken as a whole, the auditor must obtain evidence about the effectiveness of selected controls over all relevant assertions. The auditor should use the same suitable, recognized control framework to perform his or her audit of internal control over financial reporting as management uses for its annual evaluation of the effectiveness of the company’s internal control over financial reporting.


Indications of management bias in making accounting estimates and in selecting accounting principles.

Auditing Standard No. 5

Effective internal control over financial reporting provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes. Further, for an individual control, different combinations of the nature, timing, and extent of testing may provide sufficient evidence in relation to the risk associated with the control. Matters Included in the Audit Ppcaob Letter. Communications with Audit Committees.

In determining the locations or business units at which to perform tests of controls, the auditor may take az5 account work performed by others on behalf of management.

Leveraging Auditing Standard No.5 to Streamline SOX Compliance

If, after discussing the matter with management, the auditor concludes that a material misstatement of fact remains, the auditor should notify management and the audit committee, in writing, of the auditor’s views concerning the information.

To obtain additional information about whether changes have occurred that might affect the effectiveness of the company’s internal control over financial reporting and, therefore, the auditor’s report, the auditor should inquire about and examine, for this subsequent period, the following.

Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. The auditor may issue a report disclaiming an opinion on internal control over financial reporting as soon as the auditor concludes that a scope limitation will prevent the auditor from obtaining the reasonable assurance necessary to express an opinion.

Consideration of Materiality in Planning and Performing an Audit. AU Section – Compliance Auditing. In such circumstances, the auditor must determine his or her responsibilities under AU sec. The auditor should test the operating effectiveness of a control by determining whether the control is operating as designed and whether the person performing the control possesses the necessary authority and competence to perform the control effectively.

Background and Basis for Conclusions.