Chapter 07 - Auditing Internal Control over Financial Reporting

Answers to Review Questions

7-1 Following are management's and the auditor's responsibilities under Section 404 of the Sarbanes-Oxley Act of 2002:

Management's Responsibilities
- Accept responsibility for the effectiveness of the entity's ICFR.
- Evaluate the effectiveness of the entity's ICFR using suitable control criteria.
- Support its evaluation with sufficient evidence, including documentation.
- Present a written assessment of the effectiveness of the entity's ICFR as of the end of the entity's most recent fiscal year.

Auditor's Responsibilities
- The auditor must plan and perform the audit to obtain reasonable assurance about whether the entity maintained, in all material respects, effective internal control as of the date specified in management's assessment.
- The audit of internal control should be integrated with the financial statement audit, and should express an opinion on the effectiveness of the entity's ICFR.

7-2 Likelihood refers to the probability that a misstatement will not be prevented or detected. For a significant deficiency or a material weakness to exist, the likelihood of such an occurrence must be either reasonably possible or probable. Magnitude refers to the significance that the control deficiency could have on the financial statements according to the judgment of a prudent official who considers the possibility of further, undetected, misstatements. If the auditor's likelihood assessment is reasonably possible and if the magnitude of the deficiency is assessed as significant, then either a significant deficiency or material weakness exists depending on the magnitude of the potential effects of the deficiency on the entity's financial statements.
7-3 All of the following controls would typically be tested (see Table 7-2):
- Controls over initiating, authorizing, recording, processing, and reporting significant accounts and disclosures and related assertions embodied in the financial statements.
- Controls over the selection and application of accounting policies that are in conformity with GAAP.
- Antifraud programs and controls.
- Controls, including IT general controls, on which other controls are dependent.
- Controls over significant nonroutine and nonsystematic transactions, such as accounts involving judgments and estimates.
- Entity-level controls (see Table 7-1).

7-4 Management and the auditor make similar decisions in deciding which locations or business units to include for testing. Thus, the choice of which locations to include in the assessment of internal control is based on the presence of entity-level controls and the financial reporting risk at each individual location or business unit. Willis & Adams provides the following flowchart as part of its Policy Statement on Identifying Significant...
- Spring '09
- Auditor's report, Auditing Internal Control