Risk Assessment, Controls and Risk Management CMA Part 1 The independent, external auditor is required to provide an independent opinion on the effectiveness of the companys internal control over financial reporting. However, the auditor is not familiar with the companys controls the way management is and does not interact with or observe the operation of the controls the way management does. Therefore, the auditor cannot obtain sufficient evidence to support an opinion on the effectiveness of internal control based solely on observation of or interaction with the companys controls. Thus, PCAOB Auditing Standard 5 states that the auditor should perform procedures such as inquiry, observation, and inspection of documents, or walkthroughs -which consist of a combination of the preceding procedures - in order to fully understand and identify the likely sources of potential misstatements, whereas management might be aware of those risk areas on an on-going basis. In performing a walkthrough, the auditor follows a single transaction from its origination all the way through the companys processes, including information systems, until it is reflected in the companys financial records, using the same documents and information technology that company personnel use. The objectives of a walkthrough are to • Obtain a complete understanding of the flow of transactions and to determine the points in the process at which misstatements could occur; • Confirm the auditors understanding of the design of controls in that process; • Evaluate the effectiveness of the design of controls; and • Determine whether controls have been placed in operation. Focusing on a single transaction from start to finish is generally the most effective and efficient way to accomplish these objectives. Walkthrough procedures usually include a combination of inquiry, observation, inspection of relevant documentation, and re-performance of controls. At the points where important processing procedures occur, the auditor should question the companys personnel about their understanding of what is required by the companys prescribed procedures and controls. These questions, combined with the other walkthrough procedures, allow the auditor to gain enough understanding of the process to be able to identify important points at which a necessary control may be missing or not designed effectively. The auditor should ask probing questions that go beyond a narrow focus on the single transaction used as the basis for the walkthrough. Probing questions allow the auditor to gain an understanding of the different types of significant transactions handled by the process. Some high-risk areas, especially areas such as the formulation of accounting estimates that are easily manipulated in spite of controls, can justify additional effort in the audit of internal control, as well as additional substantive work in the financial statement audit, regardless of the reliability of controls. A fraud risk assessment is part of the risk assessment for the financial statement audit, and this risk assessment should be taken into account in the audit of internal controls. The auditor should evaluate whether the companys controls sufficiently address identified risks of material misstatement due to fraud. The auditor should also evaluate controls intended to address the risk of management override of other controls.
Posted on: Fri, 05 Sep 2014 05:09:54 +0000
Trending Topics
Recently Viewed Topics
© 2015