|
 |
|
Sarbanes Oxley Act -
Auditing Standards |
|
Public
Company Accounting Oversight
Board
Bylaws
and Rules – Standards – AS2
Auditing Standard No. 2: An Audit of Internal
Control Over Financial Reporting Performed in
Conjunction With an Audit of Financial
Statements
This standard was approved by the
Securities and Exchange Commission on June 17,
2004, and is effective for audits of internal
control over financial reporting required by
Section 404(b) of the Sarbanes-Oxley Act of
2002.
10.
A material weakness is a significant deficiency,
or combination of significant
deficiencies,
that results in more than a remote likelihood
that a material misstatement
of
the annual or interim financial statements will
not be prevented or detected.
Note:
In evaluating whether a control deficiency
exists and whether control
deficiencies,
either individually or in combination with other
control deficiencies,
are
significant deficiencies or material weaknesses,
the auditor should consider
the
definitions in paragraphs 8, 9 and 10, and the
directions in paragraphs 130
through
137.
As
explained in paragraph 23, the evaluation of the
materiality of
the
control deficiency should include both
quantitative and qualitative
considerations.
Qualitative factors that might be important in
this evaluation
include
the nature of the financial statement accounts
and assertions involved
and
the reasonably possible future consequences of
the deficiency.
Furthermore,
in determining whether a control deficiency or
combination of
deficiencies
is a significant deficiency or a material
weakness, the auditor should
evaluate
the effect of compensating controls and whether
such compensating
controls
are effective.
11.
Controls over financial reporting may be
preventive controls or detective
controls.
•
Preventive controls have the objective of
preventing errors or fraud from
occurring
in the first place that could result in a
misstatement of the
financial
statements.
•
Detective controls have the objective of
detecting errors or fraud that
have
already
occurred that could result in a misstatement of
the financial
statements.
12.
Even well-designed controls that are operating
as designed might not prevent a
misstatement
from occurring. However, this possibility may be
countered by
overlapping
preventive controls or partially countered by
detective controls. Therefore,
effective
internal control over financial reporting often
includes a combination of
preventive
and detective controls to achieve a specific
control objective. The
auditor's
procedures
as part of either the audit of internal control
over financial reporting or the
audit
of the financial statements are not part of a
company's internal control over
financial
reporting.
Framework Used by
Management to Conduct Its
Assessment
13.
Management is required to base its assessment of
the effectiveness of the
company's
internal control over financial reporting on a
suitable, recognized control
framework
established by a body of experts that followed
due-process procedures,
including
the broad distribution of the framework for
public comment. In addition to
being
available to users of management's reports, a
framework is suitable only when
it:
•
Is free from bias;
•
Permits reasonably consistent qualitative and
quantitative measurements
of
a company's internal control over financial
reporting;
•
Is sufficiently complete so that those relevant
factors that would alter a
conclusion
about the effectiveness of a company's internal
control over
financial
reporting are not omitted; and
•
Is relevant to an evaluation of internal control
over financial
reporting.
|
|
.
| | |
