会计论文的重大缺陷和实质性漏洞

会计论文的重大缺陷和实质性漏洞

Material Weakness Versus Significant Deficiency
 

公众会计监督委员会(PCAOB)最近发布的审计标准5号(AS5)属于“财务报告内部控制审计与财务报表审计整合”，它建立了特定需求为审计师可能对学生的管理进行审计评估时使用的内部控制程序,这些程序的效率。这份备忘录集中在一个狭窄的AS5但至关重要的一部分,其重要性的理解和认识的变化。在本备忘录我将集中在自顶向下方法的总结审计的内部控制以及向你描述一个重大缺陷和重要缺陷之间的差异和沟通审计结果。

 

使用自顶向下方法的主要目的是为了方便审计师选择他们希望控制测试。根据审计发现通过使用这种方法,他们可以选择某些控制他们想被测试,充分关注错报的风险。这种方法开始于审计人员了解相关的风险与财务报表上的财务报告。一旦建立理解,然后审计他们的注意力集中在识别实体级控制。

 

当识别实体级控制是很重要的知道这些控件包括什么。实体级控制包括诸如:控制环境、控制管理覆盖,企业风险评估的过程,集中处理和控制,控制监控操作的结果,控制监督其他控制,控制期末财务报告过程,以及政策,解决重大的业务控制和风险管理实践(信息AS5)所示。

 

The Public Accounting Oversight Board (PCAOB) recently released auditing standard number 5 (AS5) which pertains to "An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements" which establishes certain requirements for which an auditor may use while performing an audit on their clienteles management assessment over their internal control procedures and the efficiency of those procedures. This memo focuses on a narrow part of the AS5 but is vital in its importance of understanding and recognizing the changes that has been made to it. In this memo I will focus on the summarizing of the top down approach to an audit of internal control as well as describe to you the differences between a material weakness and a significant deficiency and the communication of the audit results.

 

The main purpose of using a top down approach is to make it easy for auditors to choose which controls they wish to test. Based on the auditor's findings by using this approach, they can select certain controls in which they want to be tested that adequately attend to the risk of a misstatement. This approach begins with the auditors understanding the risks that are related with the financial reporting on the financial statements. Once an understanding is established, the auditor then focuses their attention on identifying entity level controls.

 

When identifying entity level controls it is important to know what those controls include. The entity level controls include such things as: the control environment, the controls over management override, the companies risk assessment process, centralized processing and controls, controls to monitor the result of operations, controls to monitor other controls, controls over the period end financial reporting process, and also policies that address significant business control and risk management practices (information shown in the AS5). The auditor tests these controls in order to see if the company has an efficient internal control system for their financial reporting. An important thing to note is that by testing these controls it ultimately factors in or out additional testing used for other controls. It is also important to know that entity level controls vary in character. Some controls indirectly have an effect on the possibility of detecting a misstatement while others are intended for just that reason, so being able to know these controls and how they interact within the internal control environment is a significant step in accurately testing the controls.

 

Understanding the control environment holds more importance than others in that it directly relates to the effectiveness of financial reporting. When evaluating the environment the auditor needs to pay special attention to and assess whether there are strong ethical and moral values implemented into the work force, especially at the management level, and whether the management teams operating style is embedded throughout the company as an effective and efficient source directly relating to the internal control over financial reporting.

 

Because of its importance in financial reporting and internal control, understanding the year-end financial reporting process is critical. This process includes everything from the procedures used when you enter a transaction into the general ledger all the way to the preparation of the annual or quarterly financial statements and related disclosures. The auditor needs to be able to assess the inputs, processes, and outputs in preparing the financial statements. Also gaining an understanding of IT involvement is important as well as who does what, adjusting entry procedures, location in which everything takes place, and management oversight. Knowing all this will ensure that the appropriate assessed risk it being taken care of.

 

The next step is to identify significant accounts and disclosures and their relevant assertions. A financial statement assertion is deemed to be relevant if the possible misstatement would cause the financial statements to be materially misstated. The financial statement assertions which are present in AS5 are: existence or occurrence, completeness, valuation or allocation, rights and obligations, and presentation and disclosure. In order to identify the relevant assertions that are in accounts and disclosures, the auditor must assess the "qualitative and quantitative risk factors" (AS5) that are related to the line items and disclosures present on the financial statements. Risk factors that are informative in this step are such things as the size and composition of the account, vulnerability that a misstatement can occur do to error or fraud, amount and complexity of the transactions that run through the account, the underlying nature, how complex the account is, exposures to losses, possibility of contingent liabilities, also changes in the characteristics of the account. When looking for accounts and disclosures relevant assertions, the auditor should also be asking themselves what could go wrong and where, so they can determine likely sources of potentially misstated financial statements that would make the financial statements materially misstated. It is important to note that the evaluated risk factors found in identifying significant accounts and disclosures and their relevant assertions and the audit of internal control over financial reporting are the same. With this understanding it will help to narrow down the amount of accounts tested and help bring misstatements to the surface.

 

There is a lot of judgment that is made by the auditor and so it is highly recommended that the auditor perform in the audit. If that is not the case, the auditor should supervise others who carry on the procedures. When performing an audit the auditor should set out key objectives in which they wish to obtain. Some objectives include: gaining an understanding of how the transactions flow throughout the company relative to the assertion, verifying the areas in which the auditor sees that misstatements that are material in matter may occur, making sure that management has implemented adequate controls to mitigate the risk of a misstatement, and making sure management has implemented detection and prevention controls to catch the risks at the time they hit or before in order to save the financial statements from being misstated. The above mentioned objectives serve as a great way to start conducting your audit. Also, knowing the clients IT system and how it works improves the confidence in making a judgment. The most efficient way to achieve the objectives of the audit is do engage in a walkthrough in which the auditor takes a transaction and follows it through the system from the time of its origin into the system to the time at which it is reflected on the company's financial records. Asking personnel questions along the way will also help to get a full view of how the system works and the process it takes.

 

After the auditor has gathered relevant information the last step is to actually test those controls. The auditor should focus on the controls that are important to his conclusion about how sufficient the company's controls address each relevant assertion. This top down approach is widely used and is very effective in testing controls to ensure the reliability a company gives its customers. To recap what I have just previously discussed, the auditor performs this approach by focusing on the broadest level in the clients processes which is the financial statements and then works their way down until you can narrow out certain transactions to test and perform a walkthrough on. This is the essence of a top down approach.

 

The next topic in which I would like to talk about is the difference between a material weakness and a significant deficiency. A material weakness is a deficiency in internal control over financial reporting in which there exists a reasonable possibility that a misstatement that is material that will not be detected or prevented in a timely manner on the company's financial statements. A significant deficiency is a deficiency in internal control over financial reporting that is not as critical as a material weakness is but is important enough for the people who are responsible for financial reporting to pay close attention to it. Although both terms are much alike it is difficult to assess whether a risk is severe enough to be material in nature or whether it should just be monitored, therefore it is important to distinguish when a possible misstatement is either a material weakness or a significant deficiency. Some indicators that allows us to classify a misstatement as material are; if a fraud has been committed by senior management, no matter how small the offense is, it is always considered to be material, if issued financial statements need to be restated to imitate the correction of a misstatement, if the auditor found a misstatement in the financial statements that would otherwise go undetected, and also if the audit committee is inefficient in overseeing the company. One way to decide whether these indicators are of material weakness status is to determine whether customers(investors?) would change their minds of having reasonable assurance that the financial statements are stated correctly. If the answer is no, the indicator is material in nature.