As it is stated in the gap sum-up, Auditing Standard No. 5 focal points on the “ audit of internal control over fiscal coverage that is integrated with an audit of fiscal statements and related independency regulation and conforming amendments ” . What this memo seeks to specifically carry through is to supply a description of the top down attack to an audit of internal control every bit good as depicting what a stuff failing is versus a important lack.
As described in paragraph 21 of AS5, the top down attack is more of a consecutive idea procedure to follow instead than the exact order in which the hearer should execute in the auditing processs. It begins with placing the entity-level controls, so moves on to placing the important histories and revelations along with their relevant averments, so understanding likely beginnings of misstatement in the important histories and revelations, and eventually choosing controls to prove.
When placing the entity degree controls, the hearer must prove those controls that are of import to the decision, ensuing in either an addition or lessening in the sum of proving the hearer otherwise would hold performed on the other controls. AS5 inside informations that entity degree controls vary in nature and preciseness, such as:
“ Some controls have an of import, indirect, consequence on the likeliness that a misstatement will be detected ”
“ Some controls monitor the effectivity of other controls ”
“ Some controls may be designed to run at a degree of preciseness to forestall or observe misstatements to one more relevant averments. ”
As stated in AS5, entity degree controls include: controls related to the control environment, controls over direction override, the company ‘s hazard appraisal procedure, centralized procedure and controls, controls to supervise consequences of operations, controls to supervise other controls, controls over the period-end fiscal coverage procedure, and policies that address important concern controls and hazard direction patterns.
As portion of placing the entity degree controls, the hearer must measure the control environment every bit good as the period terminal fiscal coverage procedure. When measuring the control environment, that hearer should look at ; direction ‘s doctrine and operating manner towards effectual internal controls, they have sound unity and ethical values in topographic point, and whether the Board or scrutinize commission exercising and understand inadvertence duties. The period terminal coverage procedure includes processs ; to come in dealing sums in the general leger, those related to the selection/application of accounting policies, those used in journal entries in the general leger, those used to enter accommodations to the fiscal statements, and those used in fixing the fiscal statements. There is a list of what the hearer should asses when measuring the period terminal fiscal coverage procedure which includes ; inputs and end products of the company procedure used in the fiscal statements, the extent of IT engagement, direction engagement, locations involved, types of adjusting and consolidating entries, and the sum of inadvertence by direction, the board of managers, and the audit commission.
In summing up of measuring the entity degree controls, it is clear that AS5 places a big accent on the hearer to analyze all countries, as many controls may hold impacts upon others that are non first apparent to the hearer. The hearer must carefully analyze how each control is influenced, as these controls cover a broad assortment of subjects, and how their environment is influenced can be of great importance in understanding their effectivity.
The following measure in the top down attack is for the hearer to place important histories and revelations and their relevant averments. AS5 describes relevant averments as “ those fiscal statement averments that have a sensible possibility of incorporating a misstatement that would do the fiscal statements to be materially misstated. ” The averments that are included in AS5 include being or happening, completeness, rating or allotment, rights and duties and presentation and revelation. AS5 lists several hazard factors, both qualitative and quantitative, that the hearer should look at when placing important histories and revelations. These include: size and composing of the history, susceptibleness to misstatement due to mistakes or fraud, the volume of activity every bit good as complexness and homogeneousness, nature of the history or revelation, accounting and coverage complexnesss, exposure to losingss in the history, possibility of important contingent liabilities, being of related party minutess, and alterations from the anterior period in history or revelation features. AS5 besides goes on to province that the hearer should inquire themselves “ what could travel incorrect? ” with given histories and revelations in order to better find possible misstatements, every bit good as saying that the hazard factors associated with the scrutinizing the internal control are the same as in the audit of fiscal statements. It besides states that histories and revelations might be capable to differing hazards, and such different controls would be necessary to counter those hazards. And when a company has multiple locations, that hearer should analyze the amalgamate statements to in order to place the important histories and revelations.
For the following measure in the procedure, AS5 lists 4 aims with which the hearer should make to understand the likely beginnings of misstatements, which are ; understanding the flow of minutess including how they are initiated, authorized, processed, and recorded, verifying the hearer has identified points within the company ‘s procedures where misstatements may go on that could be material, place controls direction has implemented, and place controls that direction has implemented over the bar or sensing of unauthorised acquisition, usage or temperament of company assets that could be material. AS5 states that the above processs should be carried straight by the hearer or by an helper that the hearer supervises due to the grade of judgement required in transporting them out. In measuring IT, the hearer needs to understand how it affects the company and the flow of its minutess. It is non a separate rating, but portion of the top-down attack.
AS5 states that walkthroughs are the most effectual manner to transport out the aims listed supra. Performing a walkthrough requires the hearer to follow a dealing wholly through the full procedure from start to stop, analyzing cardinal points and oppugning forces about the processs and controls. This allows the hearer to derive a sufficient apprehension in order to acknowledge countries of failing or countries missing in certain control processs.
The concluding subject in discoursing the top down attack is choosing controls to prove. The controls that are the most of import for the hearer ‘s decision in measuring a company ‘s hazard of misstatement are the 1s the hearer should prove. AS5 besides states that it is n’t necessary to prove controls that are related in that they address similar hazard, and it is non necessary to prove redundant controls. The determination on whether a control should be tested depends on how it addresses the hazard of misstatement, non by the type of label given to the control.
AS5 defines a material failing as a lack in internal control that there is a sensible possibility, which means likely, that a material misstatement will non be detected or prevented by the controls. This is similar to a important lack. However, a important lack is non every bit terrible as a stuff failing but still requires attending. The indexs given to find a stuff failing are:
Restatement to rectify a material misstatement
Designation of a material misstatement that would non hold been detected by the company ‘s internal controls
Ineffective company audit commission with inadvertence on the fiscal coverage and internal controls.
When describing to the audit commission, the hearer is required to make many things. They must pass on all stuff failings that were identified during the audit, which should be made prior to the hearers ‘ study. They must besides pass on in composing all important lacks to the audit commission. If for any ground the hearer believes the audit commission is uneffective, the hearer should describe their findings to the board of managers. The hearer must merely pass on lacks they are cognizant of, and since the hearer can non guarantee that it has found all lacks less severe than a material one, the hearer does non hold to publish a statement that they are noted in the audit. If fraud or illegal Acts of the Apostless are found, the hearer must cite the appropriate paperss to find their class of action.
When publishing an hearers ‘ study, the hearer does non describe as many particulars as it does with the audit commission study. Alternatively of pass oning all stuff failings found along with any important lacks, that hearer must merely pass on a statement of sentiment on the consequences of the audit. This includes a statement on the hearers ‘ sentiment as to whether the company maintained effectual internal control.