|
|
 |
|
Sarbanes Oxley Act -
Auditing Standards |
|
Public
Company Accounting Oversight
Board
Bylaws
and Rules – Standards – AS2
Auditing
Standard No. 2: An Audit of Internal Control
Over Financial Reporting Performed in
Conjunction With an Audit of Financial
Statements
Auditor's Report on
Management's Assessment of Internal Control Over
Financial
Reporting
167. The auditor's
report on management's assessment of the
effectiveness of
internal control
over financial reporting must include the
following elements:
a. A title that
includes the word
independent;
b. An
identification of management's conclusion about
the effectiveness of
the company's
internal control over financial reporting as of
a specified
date based on the
control criteria [for example, criteria
established in
Internal
Control—Integrated Framework
issued by the
Committee of
Sponsoring
Organizations of the Treadway Commission
(COSO)];
c. An
identification of the title of the management
report that includes
management's
assessment (the auditor should use the same
description
of the company's
internal control over financial reporting as
management
uses in its
report);
d. A statement
that the assessment is the responsibility of
management;
e. A statement
that the auditor's responsibility is to express
an opinion on the
assessment and an
opinion on the company's internal control
over
financial
reporting based on his or her
audit;
f. A definition of
internal control over financial reporting as
stated in
paragraph
7;
g. A statement
that the audit was conducted in accordance with
the
standards of the
Public Company Accounting Oversight Board
(United
States);
h. A statement
that the standards of the Public Company
Accounting
Oversight Board
require that the auditor plan and perform the
audit to
obtain reasonable
assurance about whether effective internal
control over
financial
reporting was maintained in all material
respects;
i. A statement
that an audit includes obtaining an
understanding of internal
control over
financial reporting, evaluating management's
assessment,
testing and
evaluating the design and operating
effectiveness of internal
control, and
performing such other procedures as the auditor
considered
necessary in the
circumstances;
j. A statement
that the auditor believes the audit provides a
reasonable
basis for his or
her opinions;
k. A paragraph
stating that, because of inherent limitations,
internal control
over financial
reporting may not prevent or detect
misstatements and that
projections of any
evaluation of effectiveness to future periods
are subject
to the risk that
controls may become inadequate because of
changes in
conditions, or
that the degree of compliance with the policies
or
procedures may
deteriorate;
l. The auditor's
opinion on whether management's assessment of
the
effectiveness of
the company's internal control over financial
reporting as
of the specified
date is fairly stated, in all material respects,
based on the
control criteria
(See discussion beginning at paragraph
162);
m. The auditor's
opinion on whether the company maintained, in
all material
respects,
effective internal control over financial
reporting as of the
specified date,
based on the control
criteria;
n. The manual or
printed signature of the auditor's
firm;
o. The city and
state (or city and country, in the case of
non-U.S. auditors)
from which the
auditor's report has been issued;
and
p. The date of the
audit report.
168. Example A-1
in Appendix A is an illustrative auditor's
report for an unqualified
opinion on
management's assessment of the effectiveness of
the company's internal
control over
financial reporting and an unqualified opinion
on the effectiveness of the
company's internal
control over financial
reporting.
169.
Separate or Combined
Reports. The auditor may choose to issue a
combined
report (that is,
one report containing both an opinion on the
financial statements and
the
opinions on
internal control over financial reporting) or
separate reports on the
company's
financial statements and on internal control
over financial reporting.
Example A-7 in
Appendix A is an illustrative combined audit
report on internal control
over financial
reporting. Appendix A also includes examples of
separate reports on
internal control
over financial reporting.
170. If the
auditor chooses to issue a separate report on
internal control over
financial
reporting, he or
she should add the following paragraph to the
auditor's report on the
financial
statements:
We also have
audited, in accordance with the standards of the
Public Company
Accounting
Oversight Board (United States), the
effectiveness of W
Company's
internal control
over financial reporting as of December 31,
20X3, based on
[identify control
criteria] and our report dated [date of report,
which should be the
same as the date
of the report on the financial
statements] expressed
[include
nature of
opinions].
and add the
following paragraph to the report on internal
control over financial
reporting:
We have also
audited, in accordance with the standards of the
Public Company
Accounting Oversight
Board (United States), the [identify financial
statements] of
W Company and our
report dated [date of report, which
should be the same as
the date of the
report on the effectiveness of internal control
over financial
reporting] expressed [include
nature of opinion].
171. Report Date. As
stated previously, the auditor cannot audit
internal control over
financial
reporting without also auditing the financial
statements. Therefore, the
reports
should be dated
the same.
172. When the
auditor elects to issue a combined report on the
audit of the financial
statements and the
audit of internal control over financial
reporting, the audit opinion
will
address multiple
reporting periods for the financial statements
presented but only the
end of the most
recent fiscal year for the effectiveness of
internal control over
financial
reporting and
management's assessment of the effectiveness of
internal control over
financial
reporting. See a combined report in Example A-7
in Appendix A.
173. Report
Modifications. The auditor should modify the
standard report if any of
the
following
conditions exist.
a. Management's
assessment is inadequate or management's report
is
inappropriate.
(See paragraph 174.)
b. There is a
material weakness in the company's internal
control over
financial
reporting. (See paragraphs 175 through
177.)
c. There is a
restriction on the scope of the engagement. (See
paragraphs
178 through
181.)
d. The auditor
decides to refer to the report of other auditors
as the basis, in
part, for the
auditor's own report. (See paragraphs 182
through 185.)
e. A significant
subsequent event has occurred since the date
being reported
on. (See
paragraphs 186 through
189.)
f. There is other
information contained in management's report on
internal
control over
financial reporting. (See paragraphs 190 through
192.)
174. Management's
Assessment Inadequate or Report Inappropriate.
If the auditor
determines that
management's process for assessing internal
control over financial
reporting is
inadequate, the auditor should modify his or her
opinion for a scope
limitation
(discussed further beginning at paragraph 178).
If the auditor determines
that
management's
report is inappropriate, the auditor should
modify his or her report to
include, at a
minimum, an explanatory paragraph describing the
reasons for this
conclusion.
175. Material
Weaknesses. Paragraphs 130 through 141 describe
significant
deficiencies and
material weaknesses. If there are significant
deficiencies that,
individually or in
combination, result in one or more material
weaknesses, management
is precluded from
concluding that internal control over financial
reporting is effective. In
these
circumstances, the auditor must express an
adverse opinion on the
company's
internal control
over financial
reporting.
|
|
.
| | |
