物质虚弱与显著缺陷比较

发布时间：2016-03-15 16:43

自顶向下的方法是一个用于控制测试过程内部控制财务报表。它遵循三个步骤:首先,自上而下的方法开始在财务报表层面与审计师对财务报表的理解;然后审计师关注实体级控制找到重要的账户和信息披露的弱点;最后一步是验证过程审计风险的理解,在公司为了解决评估风险的控制进行测试。整个方法用于直接审计的关注账户信息的披露和断言，，可能会存在误差。
以自顶向下方法的步骤开始,测试实体级控制在自顶向下方法是很重要的，因为它可以通知审计公司是否有有效的财务报告内部控制。有几种方法来识别实体级控制：一个是在不同的功能上有差别，例如,一些控制很重要,但间接影响显示错报。他们可能会影响其他控制审计师选择的测试。其他一些控制监测其他控件的有效性,它们被用于识别故障低水平控制。有些实体级控制设计操作的精度水平,防止或发现在时间的基础上进行舞弊行为。第二种方法来识别实体级控制是验证连接控制:控制相关的控制环境,控制管理覆盖。

由上而下的内部控制审计方法Top-Down Approach to an Audit of Internal Control

The top-down approach is a process for controls testing of internal control over financial reporting. It follows three steps. First, top-down approach starts at the financial statement level with the auditor's understanding about financial reports. Then the auditor focuses on entity-level controls to find significant accounts and disclosure the weakness. The last step is verifying the auditors' understanding of risks of the process in company in order to test the controls that address the assessed risk. The whole approach direct audit's attention on accounts disclosures and assertions that likely misstated.

As the beginning step of top-down approach, the test of entity-level controls is important in top-down approach since it can inform the auditor whether the company has effective internal controls over financial reporting. There are several ways to identify entity-level controls. One is vary them in different functions. For instance, some controls have an important but indirect effect to show the misstatement. They might affect other control that auditor selected to test. Some other controls monitor the effectiveness of other controls and they are used to identify the breakdowns in lower level controls. Some entity-level controls are designed to operate at a level of precision to prevent or detect misstatements on time basis. The second way to identify entity-level control is to verify the connections in controls: controls related to the control environment, and controls over management override. In order to evaluating the control environment, the auditor needs to make sure there are no doubt on three parts including the effectiveness of management's philosophy or operating style on internal control over financial reporting; the understanding of integrity and ethical values of top management; the understanding of exercises oversight responsibility over financial reporting and internal controls of board or audit committee.

Relevant assertions have a possibility of containing a misstatement which may cause the misstatement of financial statement. They include existence or occurrence, completeness, valuation or allocation, rights and obligations, presentation and disclosures. In order to identify significant accounts and disclosures and their relevant assertions, the audit was required to evaluate the qualitative and quantitative risk factors relate to the financial statementline items and disclosures. The risk factors include size and composition of account, susceptibility to misstatement due to errors or fraud, volume of activity, complexity and homogeneity of the individual transaction, nature of the account, exposure to loses in the account, possibility of liabilities arising from the activities reflected in the disclosure, existence of related party transactions in the disclosure and changes from the pre-period in disclosure. The audit also needs to determine the source of potential misstatements. The risk factors are the same in the audit of internal control over financial reporting as in the audit of the financial statements. When the company has many locations, the audit should identify significant account based on consolidated financial statements.

In order to better understand the likely sources of misstatement, the auditor needs to know the flow of transactions related to the relevant assertion, including the process of how transaction are initiated, authorized, processed and recorded. Performing walkthroughs are the most effective way to find the likely sources of potential misstatements. It allows the audit follows tractions from original through the company's process, using the same documents and information technology. It includes a combination of inquiry, observation, inspection of relevant documentation and re-performance of controls.

At the last step, the audit should test those controls to see whether the company's controls are sufficient address the assessed risk of misstatement. It is unnecessary to neither test all controls nor test redundant controls, unless the repeating test is the objective of a control.

重大缺陷和重要缺陷Material Weakness vs Significant Deficiency

Significant deficiency is defined as a control deficiency, or combination of control deficiencies, such that there is a reasonable possibility that a significant misstatement of the company's annual or interim financial statements will not be prevented or detected material weakness is kind of deficiency.

Material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis. There are several indicators of material weaknesses, including the identification of fraud, restatement of previously issued financial statements, identification of the misstatement have not been detected by company's internal control, ineffective oversight of the company's external financial reporting.

The audit must communicate to management and the audit committee all material weaknesses identified during the audit in writing form. The written communication should be made previously to the issuance of the auditor's report in internal control over financial reporting. If the audit conclude the company's audit committee is ineffective, the auditor must communicated in writing to the board of directors. The audit should consider whether there are any deficiencies that have been identified as significant deficiencies; they need to communicate this deficiency in writing to the audit committee.

In the audit report in internal control there are several elements required: a title with the word independent, a statement that showing the management is responsible for maintaining effective internal control over financial reporting, an identification of management's report on internal control, a statement that audit was conducted with seastrands of PCAOB, the auditor plan under the standards of PCAOB, a statement the audit obtaining an understanding of internal control over financial reporting, assessing the risk, a statement that auditor believe the audit provides a reasonable basis of the opinion, a paragraph stating financial reporting may not prevent or detect misstatements, the auditor's opinion on whether this company should remain, the manual or printed signature of auditor's firm, the city and state from the auditor's report issued, the date of the audit report.

本文编号：34881