AU section 325 is superseded as follows: 1. In an audit of financial statements, the auditor may identify deficiencies in the company's internal control over financial reporting. A control deficiency exists when the design or operation of a control does not allow management or employees,
in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. 2. A significant deficiency is a control deficiency, or combination of control deficiencies, that adversely affects the company's ability to initiate, authorize, record, process, or report external financial data reliably in accordance with generally accepted accounting principles such that there is more than a remote likelihood that a misstatement of the
company's annual or interim financial statements that is more than inconsequential will not be prevented or detected. Note: The term "remote likelihood" as used in the definitions of significant deficiency and material weakness (paragraph 3) has the same meaning as the term "remote" as used in Financial Accounting Standards Board Statement No. 5, Accounting for Contingencies ("FAS No. 5"). Paragraph 3 of FAS No. 5 states: When a loss
contingency exists, the likelihood that the future event or events will confirm the loss or impairment of an asset or the incurrence of a liability can range from probable to remote. This Statement uses the terms probable, reasonably possible, and remote to identify three areas within that range, as follows: a. Probable. The future event or events are likely to occur. b. Reasonably possible. The chance of the future event or events occurring is more than remote but less than likely. c. Remote. The chance of the future events or events occurring is slight. Therefore, the likelihood of an event is "more than remote" when it is either reasonably possible or probable. Note: A misstatement is inconsequential if a reasonable person would conclude, after considering the possibility of further undetected misstatements, that the misstatement, either individually or when aggregated with other misstatements, would clearly be immaterial to the financial statements. If a reasonable person could not reach such a conclusion regarding a particular misstatement, that misstatement is more than inconsequential . 3. A material weakness is a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected.
4. The auditor must communicate in writing to management and the audit committee all significant deficiencies and material weaknesses identified during the audit. The written communication should be made prior to the issuance of the auditor's report on the financial statements. The auditor's communication should distinguish clearly between those matters considered significant deficiencies and those considered material weaknesses, as defined in paragraphs 2 and 3.
5. If oversight of the company's external financial reporting and internal control over financial reporting by the company's audit committee is ineffective, that circumstance should be regarded as at least a significant deficiency and as a strong indicator that a material weakness in internal control over financial reporting exists. Although there is not an explicit requirement to evaluate the effectiveness of the audit committee's oversight in an audit of only the financial statements, if the auditor becomes aware that the oversight of the company's external financial reporting and internal control over financial reporting by the company's audit committee is ineffective, the auditor must communicate that specific significant deficiency or material weakness in writing to the board of directors. 6. These written communications should include:
7. The auditor might identify matters in addition to those required to be communicated by this standard. Such matters include control deficiencies identified by the auditor that are neither significant deficiencies nor material weaknesses and matters the company may request the auditor to be alert to that go beyond those contemplated by this standard. The auditor may report such matters to management, the audit committee, or others, as appropriate. 8. The auditor should not report in writing that no significant deficiencies were discovered during an audit of financial statements because of the potential that the limited degree of assurance associated with such a report will be misunderstood. 9. When timely communication is important, the auditor should communicate the preceding matters during the course of the audit rather than at the end of the engagement. The decision about whether to issue an interim communication should be determined based on the relative significance of the matters noted and the urgency of corrective follow-up action required. In an audit of financial statements only, auditing interpretation 1 to AU sec. 325, "Reporting on the Existence of Material Weaknesses," continues to apply except that the term "reportable condition" means "significant deficiency," as defined in paragraph 9 of PCAOB Auditing Standard No. 2. Which of the following is not one of the types of opinions on internal controls?Collusion refers a group of individuals coming together for the purpose of achieving a goal through engagement in deceitful or fraudulent behaviors. Internal controls are designed to prevent such behaviors from happening within the organization. Hence, collusion is not a type of internal control.
Which of the following statements most likely represents a disadvantage for an entity that maintains computer data files rather than manual files?Which of the following is most likely a disadvantage for an entity that keeps data files prepared by personal computers rather than manually prepared files? It is usually easier for unauthorized persons to access and alter the files.
Which of the following control procedures most likely could prevent IT personnel from modifying programs to bypass programmed controls?Which of the following control procedures most likely could prevent EDP personnel from modifying programs to bypass programmed controls? Segregation of duties within EDP for computer programming and computer operations.
When auditors consider only non IT controls in assessing control risk it is known as?10. When the client uses a computer but the auditor chooses to use only the non-IT segment of internal control to assess control risk, it is referred to as auditing around the computer.
|