Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
EOC #10 CHAPTER 7 AUDITING INTERNAL CONTROL OVER FINANCIAL REPORTING 7-1 Following are management’s and the auditor’s responsibilities under Section 404 of the Sarbanes-Oxley Act of 2002: Management’s Responsibilities Accept responsibility for the effectiveness of the entity's ICFR. Evaluate the effectiveness of the entity's ICFR using suitable control criteria. Support its evaluation with sufficient evidence, including documentation. Present a written assessment of the effectiveness of the entity’s ICFR as of the end of the entity’s most recent fiscal year. Auditor’s Responsibilities The auditor must plan and perform the audit to obtain reasonable assurance about whether the entity maintained, in all material respects, effective internal control as of the date specified in management's assessment. The audit of internal control should be “integrated” with the financial statement audit, and should express an opinion on the effectiveness of the entity’s ICFR. 7-2 “Likelihood” refers to the probability that a misstatement will not be prevented or detected. For a significant deficiency or a material weakness to exist, the likelihood of such an occurrence must be either “reasonably possible” or “probable.” “Magnitude” refers to the significance that the control deficiency could have on the financial statements according to the judgment of a prudent official who considers the possibility of further, undetected, misstatements. If the auditor’s likelihood assessment is “reasonably possible” and if the magnitude of the deficiency is assessed as “significant,” then either a significant deficiency or material weakness exists depending on the magnitude of the potential effects of the deficiency on the entity’s financial statements. 7-6 The steps in the auditor’s process for an audit of ICFR include (see Figure 7-2): Plan the audit of ICFR. Identify controls to test using a top-down, risk-based approach. Test the design and operating effectiveness of selected controls. Evaluate identified control deficiencies. Form an opinion on the effectiveness of ICFR.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
7-8 The steps in the top-down, risk-based approach to obtaining an understanding of ICFR include: Identify entity-level controls – Because these controls have a pervasive effect on ICFR, the auditor needs a thorough understanding of entity-level controls. The two major categories of controls included here are: (1) the control environment and (2) the period-end financial reporting process. Identify significant accounts and disclosures and their relevant assertions - To complete this step, the auditor evaluates risk factors related to the financial statement accounts and disclosures. The risk factors include: Size and composition of the account; Susceptibility to misstatement due to errors or fraud; Volume of activity, complexity, and homogeneity of the individual transactions processed through the account or reflected in the disclosure;
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 11/02/2011 for the course ACCOUNTING ACC511 taught by Professor Awe during the Spring '11 term at Prince George's Community College, Largo.

Page1 / 5


This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online