140 likes | 843 Views
Overview of PCAOB Auditing Standard No. 5. An Audit of Internal Control Over Financial Reporting that is Integrated with an Audit of Financial Statements. PCAOB’s New Guidance for Audits of Internal Control. Issued May 24, 2007 to supersede PCAOB Auditing Standard No. 2
E N D
Overview of PCAOB Auditing Standard No. 5 An Audit of Internal Control Over Financial Reporting that is Integrated with an Audit of Financial Statements
PCAOB’s New Guidance for Audits of Internal Control • Issued May 24, 2007 to supersede PCAOB Auditing Standard No. 2 • Responds to concerns about perceived inefficiencies in initial years of AS2 implementation, without reducing audit effectiveness • Retains most of the core concepts of AS2 described in Chapter 10 of Auditing & Assurance Services: An Integrated Approach • Effective for audits of fiscal years ending on or after November 15, 2007
Key Changes in AS5 • The new standard • Emphasizes a top-down risk based approach • Places greater reliance on entity-level controls • Focuses on understanding and testing controls related to risks for significant accounts and disclosures • Allows for greater ability to rely on work of others • Changes definition of material weakness and significant deficiency • Simplifies the auditor’s opinion by eliminating opinion on management’s assessment of internal control
Top Down Risk Based Approach • Emphasizes auditor focus on controls related to risks that might lead to material misstatements: • Begins at the financial statement level with consideration of risks affecting overall financial statements • Leads to identifying and understanding entity-level controls management has implemented to address overall financial statement risks • Encourages auditor to consider entity-level controls before assessing controls related to specific objectives • Notes that fraud risk is an area of higher overall risk requiring auditor to focus on antifraud programs and controls • Recognizes that size and complexity of entity and its processes affect the nature of risks and need for related controls
Entity-Level Controls • Focus on entity-level controls helps direct auditor to controls related to high risk areas • Entity-level controls often include those related to control environment, risk assessment, and monitoring components of internal control • Leads to audit efficiencies by reducing tests at transaction, account, or disclosure levels because • Some entity-level controls indirectly affect performance of other controls • Other entity-level controls directly monitor operating effectiveness of other controls
Significant Accounts and Disclosures • AS5 requires auditor to identify controls relevant to significant accounts and disclosures • An account or disclosure is significant if there is • “a reasonable possibility that the account or disclosure could contain a material misstatement that, individually or when aggregated with others, has a material effect on the financial statements.” • Represents a change from AS2, which required the auditor to understand controls for each “material class of transactions” within a single process • Likely will reduce the extent of walkthroughs the auditor must perform • Emphasizes controls where risks of material misstatements are highest
Using Work of Others • Allows auditor to use the work of others to obtain evidence about operating effectiveness of internal controls • Includes work performed by company personnel or others working under the direction of management or audit committee • Tests performed by management to provide Section 404 assertion • Requires assessment of • Competence and Objectivity of individuals performing work • Relative risks associated with controls tested
Evaluating Deficiencies • AS5 revises definitions of material weakness and significant deficiency • Material weakness is • “a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis.” • Significant deficiency is • “a deficiency, or combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important to merit the attention by those responsible for oversight of the company’s financial reporting.”
Auditor’s Opinion • AS2 required two auditor opinions on: • Whether management’s assessment of internal controls was fairly stated • Whether internal controls over financial reporting operated effectively • AS5 eliminates the first opinion • Auditor’s opinion must only address whether the company maintained, in all material respects, effective internal control over financial reporting as of the end of the fiscal year • Change affects auditor’s report wording in the introductory and opinion paragraphs of the combined report shown in Figure 3-3