The intent of this memo is to sum up selected paragraphs of AS5 to organize an apprehension of how the top down attack is applied to an audit of internal controls.
It is besides to explicate the difference between a stuff failing and a important lack by supplying a list of indexs of stuff failings, every bit good as an account of how both a stuff failing and a important lack will be communicated to the audit commission and on the hearer ‘s study.
Top Down Approach
The intent of utilizing the top down attack for an audit of internal controls is to let the hearer to take a systematic attack to place hazards and select which controls to prove. The top down attack begins with the hearer organizing a general apprehension of the entity and the industry in which it operates. This is accomplished by looking at the company ‘s fiscal statements, and geting general concern cognition.The hearer so looks at the entity-level controls of the company to guarantee that sufficient policies and processs are implemented to acknowledge misstatements, due to error or fraud, in a timely mode so that stuff misstatements do non impact the fiscal statements. The two most of import types of entity-level controls are those related to the control environment, and those over the period-end fiscal coverage procedure.
Controls over the control environment should measure how direction promotes ethical values and unity, every bit good as whether or non the Board of Directors or the audit commission has assumed the duty of the truth and completeness of the fiscal statements and internal controls. Controls over the period-end fiscal coverage procedure should measure the methods used to come in information to the general leger, how much IT is used in the fiscal coverage procedure, types of adjusting and consolidation entries, and the engagement of direction, Board of Directors, and the audit commission in the period-ending fiscal coverage procedure.Other entity-level controls that must be taken into history include controls over direction override, the company ‘s hazard appraisal procedure, centralized processing controls, controls that proctor operations, and controls that monitor other controls. It is of import to understand that entity-level controls vary both in nature and preciseness. Some entity-level controls merely indirectly affect the likeliness of observing or forestalling material misstatements, whereas others are specifically designed to supervise the effectivity of the other controls. The more precise the control, the less tests the hearer must execute on those controls.
Next, the hearer identifies any important histories and revelations, and their relevant averments. Relevant averments are fundamentally hazardous fiscal statement averments. Financial statement averments show that a dealing has occurred, is complete, is valued right, has transferred ownership to the company, and is decently presented on the fiscal statements. A relevant averment, hence, would be any of these fiscal statement averments that are exceptionally vulnerable to holding a misstatement and could do the fiscal statements to be materially misstated. Significant histories and revelations that require more attending are those that are larger in size, are more susceptible to misstatements, are really complex, incorporate a larger volume of minutess during the period, have realized losingss during the period, involve a high likeliness of related party minutess within the history, or there has been a important alteration in the accounting methods used from last twelvemonth. It is good for the hearer to travel through the fiscal statements, and for each history and revelation insight all the ways it could hold been misstated to place as many hazardous countries as possible. Hazard factors, every bit good as important histories and revelations, and their relevant averments will be the same for both the audit of internal controls every bit good as the fiscal statement audit.
When scrutinizing an endeavor with multiple concern entities, the hearer should utilize the amalgamate fiscal statements to place important histories and revelations.The following measure is for the hearer to understand likely beginnings of misstatement. In order to make this, the hearer should accomplish a series of aims. These aims include the hearer being able to demo where there are exposures in a company ‘s internal controls that could ensue in stuff misstatements to the fiscal statements, and what controls direction has implemented to cut down these hazards.
The best manner for the hearer to accomplish these aims is by executing walkthroughs. A walkthrough is when the hearer follows a dealing from its inception until it reaches the fiscal records, and makes certain that all of the control processs were conducted decently. It is of import that the hearer conducts these types of processs him or herself and takes careful notes about what type of information engineering is used, every bit good as what force is involved in each processing process.The concluding measure in the top down attack is to choose which controls to prove. The hearer should prove each control that is the most of import in finding whether or non a peculiar hazard has been sufficiently addressed. If two controls address the same hazard, it may non be necessary to prove both controls. Besides, it may non be necessary to turn to two hazards individually if one control sufficiently addresses both of them.
Together, the trials of these internal controls will supply the hearer with a decision about the effectivity of the internal controls over fiscal coverage.
Material Weakness or Significant Deficiency
The difference between a stuff failing and a important lack is merely that a important lack is less terrible. A important lack is, nevertheless, still hazardous plenty for the hearer to allow direction cognize so that they may hold a opportunity to acquire rid of the job.
If direction does non sufficiently address the job within one twelvemonth, the lack becomes a material failing. All material failings must be communicated to both direction and the audit commission every bit good as mentioned in the hearer ‘s study on internal controls over fiscal coverage. A material failing is a job with the internal controls over fiscal coverage that will most likely consequence in an of import mistake on the fiscal statements that would change creditors and investors sentiments about the company.
Indexs of Material Weaknesses
Auditing Standard five references four of import indexs of stuff failings to assist the hearer find what lacks are considered material failings. The first index of stuff failing is if there is any grounds that shows there may be fraud present. The 2nd occurs when direction alters the fiscal statements to repair a material misstatement that they found.
The 3rd is when the hearer finds a material misstatement and informs direction about the job. The 4th is an appraisal of the audit commission. If the audit commission is making a hapless occupation moving as inadvertence over the fiscal coverage procedure of the company, there may be an increased likeliness of a material failing. If any or all of these indexs are present for a given lack, the hearer should compare the facts with what a sensible professional would see to be in conformity with GAAP. If this is determined non to be true, the hearer must see this lack a stuff failing and unwrap it on the hearer ‘s study of internal controls over fiscal coverage.
Communicating to the Audit Committee and on the Auditor ‘s study
The hearer is required to describe any and all lacks found to direction in authorship and state the audit commission about this communicating. If the lack has already been revealed to direction through different agencies, the hearer does non necessitate to reiterate this communicating. If a stuff failing is discovered, the hearer must pass on it to direction and the audit commission foremost, and so unwrap it in the hearer ‘s study.
If a lack is determined to be important, the audit commission, every bit good as direction, must be informed in authorship. The hearer is non responsible to describe control deficiencies he or she is non cognizant of, nor is he or she responsible to supply confidence that all lacks have been discovered.The top down attack is a systematic method of measuring hazard that an hearer uses to turn up specific countries of hazard in a company ‘s internal controls over fiscal coverage, and choose the best trials to do certain these hazards are sufficiently addressed. The top down attack requires the hearers to get down by understanding a company and its industry, so traveling down to the company ‘s entity-level controls, so to important histories and revelations and their relevant averments, so double look into that the hearer has a complete apprehension of the hazards, and so eventually choose the controls that are necessary to prove to do certain that all hazards have been addressed. The chief difference between a stuff failing and a important lack is that a important lack is less terrible. Besides, although both must be communicated, in authorship, to both direction and the audit commission, merely a material failing must be disclosed in the hearer ‘s study.