Less severe than it's here we can see important enough to their attention by governance
What are the factors an Auditor will consider When evaluating a control deficiency?
Probability – Remote, Reasonably possible, Probable
Magnitude – Immaterial & Material
*use Auditor's Judgment (consider If others Draw the same Conclusion)
What is a remote and immaterial control Deficiency?
Neither a significant deficiency Nor Material weakness
What is Material and Probable control deficiency?
What are indications of material weaknesses?
- Ineffective oversight by governance
- Restatements due to Material misstatements due to Error or fraud
- Material Misstatements Identified by the Auditor (Would not be detected by I/C)
- Fraud by senior management (immaterial and material)
What is a separate attestation Engagement to examine Internal control?
An examination of ICFR That is integrated with the F/S Audit for Non-Issuers (Same measure of materiality)
When would test of controls not be performed On a control Deficiency? (Attestation Integrated FS Audit/Examination of I/C)
-When the deficiency would not cause a Material misstatement To be More than REMOTE
- Auditor is not required search for internal control Deficiencies That are not Material weaknesses
Top down approach
use in F/S Audit & I/C Examination (attestation engagement AICPA)
1. Assess Risk at the financial statements ( understanding, Control Enviro, & period-end Fin Reporting process)
2. Assess risk at the significant accounts/disclosures & relevant assertions (greater than remote, walkthrough (RIIO))
3. Test effectiveness of design and operation Of controls (evidence for evaluation)
4. Evaluate deficiencies (Magnitude and probability)
5. Opinion on ICFR & Evaluate management's report
Report on Internal control (attestation engagement – AICPA)
*INDEPENDENT in title
1. Intro paragraph - "examined ICFR", mgmt responsibility maint/assertion in mgmt report, Auditor Responsibility
2. Scope paragraph – accordance with AT by AICPA, reas. Assurance, design/operating eff., "we believe"
3. Definition Paragraph – ICFR
4. Inherent limitations Paragraph – may not p,d,&c // projections of any eval
5. Opinion Paragraph
6. Audit of financial statements Paragraph - "audited in GAAS", F/S, dates (same)
* Auditor Signature and date of report (city/state NOT required for AICPA)
*VERY SIMILAR TO PCAOB I/C AUDIT REPORT (if separate reports for F/S & I/C)
PCAOB Integrated audit
AUDIT of Internal control & audit of Financial statements
(not "examination" of I/C... that is for AICPA attestation engagement for IC)
Difference between audit/examination of Internal Control in PCAOB & AICPA?
PCAOB audit is REQUIRED (F/S date audit)
- communicate in writing MW & SD PRIOR to report issuance (others in timely manner to mgmt)
AICPA (non-issuer) is required ONLY IF the auditor is engaged to examine the Internal Control (otherwise F/S would be GAAS alone)
- specific date or period of time
GAAS vs PCAOB AS#5
Significant deficiencies and Material weaknesses definition (difference)
- GAAS: includes "to prevent, or detect AND CORRECT misstatements"
- PCAOB: includes "to prevent or detect misstatements"
Differences between AICPA & PCAOB audit report on Internal Control?
- definitions of internal control (AS has provided one, AICPA COSO)
- AS#5 PCAOB includes city & state from which report issued after the signature (not required for AICPA AT)
- AICPA "examined" & PCAOB "audited"
Under PCAOB, what are the standards for being engaged to report on a previously reported internal control weakness that continues to exist (AS#4)?
1. Planning the engagement
2. Understanding of ICFR
3. Testing & Evaluating whether Material Weakness Continues to exist
4. Opinion on whether previously reported material weakness continues to exist
Auditing Standard No. 2 was issued pursuant to Section 404(b) of the Act.
What is the subject matter of this standard?
An audit of internal control over financial reporting performed in conjunction with an audit of financial statements. (PCAOB)