Auditing Standard No. Both have to do with Section of the Sarbanes—Oxley Act, which is reporting done by management and external auditors on the internal controls of the business. For instance, instead of emphasis being placed primarily on a prescriptive auditor focus, as AS2 did, AS5 uses a principles-based focus. Risk analysis begins at financial statement levels and there is an emphasized approach to entity-level controls. AS5 also features an increased focus on fraud and fraud awareness. AS5 also encourages auditors to reference and utilize the work of others.

Author:Mejind Kagat
Language:English (Spanish)
Published (Last):26 August 2018
PDF File Size:6.63 Mb
ePub File Size:8.34 Mb
Price:Free* [*Free Regsitration Required]

This in theory should have significantly lowered the amount of work to be done and the costs to be incurred. Furthermore, Auditing Standard 5 also encouraged auditors to rely on the work of others i. If management is unable do so, then external auditors have no other choice than to exercise their own judgment in determining what work must be done to arrive at an opinion regarding the adequacy of internal control. Management must now be able to articulate which assertions should be made about a particular account and what assertions each control provides coverage for.

Failure to document and evaluate all relevant assertions for each significant account. As a result, it becomes difficult if not impossible to ascertain whether all controls necessary to adequately report on an account are in place. Associating to an assertion the wrong controls, i. This situation can result from misunderstanding either the control or the assertion definition.

Claiming a control meets an assertion when it actually covers only a portion. For instance, the Completeness assertion is really composed of both Completeness and Cutoff; that is, all transactions are recorded in the proper period.

A control like bank reconciliations allows management to assert proper cut-off, but not the completeness of the transactions, which should have been recorded in the General Ledger.

However, while critical, the effort is not always simple. Control optimization also requires understanding which major classes of transactions in each cycle impact those accounts. Control frequency determines sample sizes and the nature of the tests tends to skew towards examination and re-performance.

Internal audit or independent management testers obtain evidence of the control and Management should consider utilizing an approach which considers the combined effect of Financial Reporting risk FR think Materiality and Impact and Internal Control risk IC think Likelihood , enabling them to assess the relative significance of controls and potential impact of control failures on Internal Control over Financial Reporting ICFR by calculating a numeric score based on objective risk criteria relevant to account balances, assertions, process and controls in a highly defined manner.

No longer would all controls be equal. Instead, those whose failure could result in a more significant misstatement of the results of operations and required disclosures would receive more robust, objective and timely scrutiny.

The firm of AC Lordi Consulting has developed such a testing methodology and then taken it one step further. For instance, an automated application control, in a well-controlled ERP environment, ensuring the summary of data compiled in the Accounts Receivable sub-ledger is completely and accurately recorded in the General Ledger is much less risky than the activities of an individual summarizing a list of invoices and then data-entering them to the General Ledger via a manual journal entry.

Failure of either control would result in relatively the same financial reporting risk, but the process and control risk of the latter would be significantly higher, So the second control would receive a higher ICFR score based on the Process and controls IC risk contribution This higher score would portend a more severe approach to testing, likely resulting in a larger sample size, performed more often and much closer to the end of the reporting period.

Additionally, this methodology permits an organization to both spread the work more evenly over the year by testing the controls with lower less risky ICFR scores earlier in earlier quarters while ensuring management tests controls with higher ICFR scores closer to end of the reporting year and the testing is assigned to the more objective and independent Internal Audit function.

Instead of the usual two-phased approach to testing where the bulk of the testing is performed perhaps nine months into the year, with the remainder done shortly after year-end, and all controls have samples drawn from each of the two periods, management can schedule the tests to occur during less demanding timeframes and Internal Audit can integrate its testing with existing audit responsibilities.

Their approach should clearly show how the evaluation focused efforts on riskier activities and should aid management in achieving their desired goal of reducing compliance costs by clearly demonstrating to the external auditors familiarity with what could go wrong. Such an approach should also provide senior management and the Board of Directors with greater assurance that their duties have been properly discharged. Knowing what controls can be omitted and what tests can be simplified amounts to understanding the importance associated to a control and the gaps that exist in meeting the assertions.

But with the right methodology, data structures and reporting toolsets, this exercise becomes straightforward and highly cost-effective.


Public Company Accounting Oversight Board

Two Board members, and only two members, must be Certified Public Accountants. Each member serves full-time, for staggered five-year terms. The organization has a staff of about and offices in 11 states in addition to its headquarters in Washington. Olson , a former member of the Federal Reserve Board of Governors. Auditors of public companies are prohibited by the Sarbanes-Oxley Act to provide non-audit services, such as consulting, to their audit clients.




Related Articles