|
|
 |
|
Sarbanes Oxley Act -
Auditing Standards |
|
Public
Company Accounting Oversight
Board
Bylaws
and Rules – Standards – AS2
Auditing
Standard No. 2: An Audit of Internal Control
Over Financial Reporting Performed in
Conjunction With an Audit of Financial
Statements
Locations and
Business Units That Do Not Require
Testing
B12.
No testing is required for locations or business
units that individually, and
when
aggregated
with others, could not result in a material
misstatement to the financial
statements.
Multi-Location
Testing Considerations
Flowchart
B13.
Illustration B-1 depicts how to apply the
directions in this section to a
hypothetical
company
with 150 locations or business units, along with
the auditor's testing
considerations
for those locations or business
units.
Special
Situations
B14.
The scope of the evaluation of the company's
internal control over financial
reporting
should include entities that are acquired on or
before the date of
management's
assessment and operations that are accounted for
as discontinued
operations
on the date of management's assessment. The
auditor should consider this
multiple
locations discussion in determining whether it
will be necessary to test
controls
at
these entities or operations.
B15.
For equity method investments, the evaluation of
the company's internal control
over
financial reporting should include controls over
the reporting in accordance
with
generally
accepted accounting principles, in the company's
financial statements, of the
company's
portion of the investees' income or loss, the
investment balance,
adjustments
to the income or loss and investment balance,
and related disclosures.
The
evaluation ordinarily would not extend to
controls at the equity method
investee.
B16.
In situations in which the SEC allows management
to limit its assessment of
internal
control over financial reporting by excluding
certain entities, the auditor
may
limit
the audit in the same manner and report without
reference to the limitation in
scope.
However,
the auditor should evaluate the reasonableness
of management's
conclusion
that the situation meets the criteria of the
SEC's allowed exclusion and the
appropriateness
of any required disclosure related to such a
limitation. If the auditor
believes
that management's disclosure about the
limitation requires modification,
the
auditor
should follow the same communication
responsibilities as described
in
paragraphs
204 and 205. If management and the audit
committee do not respond
appropriately,
in addition to fulfilling those
responsibilities, the auditor should modify
his
or
her report on the audit of internal control over
financial reporting to include
an
explanatory
paragraph describing the reasons why the auditor
believes management's
disclosure
should be modified.
B17.
For example, for entities that are consolidated
or proportionately
consolidated,
the
evaluation of the company's internal control
over financial reporting should
include
controls
over significant accounts and processes that
exist at the consolidated or
proportionately
consolidated entity. In some instances, however,
such as for some
variable
interest entities as defined in Financial
Accounting Standards Board
Interpretation
No. 46, Consolidation of Variable Interest
Entities, management might not
be
able to obtain the information necessary to make
an assessment because it does
not
have
the ability to control the entity.
If
management is allowed to limit its assessment
by
excluding
such entities,1/ the auditor may limit the audit
in the same manner and report
without
reference to the limitation in scope. In this
case, the evaluation of the
company's
internal control over financial reporting should
include evaluation of controls
over
the reporting in accordance with generally
accepted accounting principles, in
the
company's
financial statements, of the company's portion
of the entity's income or loss,
the
investment balance, adjustments to the income or
loss and investment balances,
and
related disclosures. However, the auditor should
evaluate the reasonableness of
management's
conclusion that it does not have the ability to
obtain the necessary
information
as well as the appropriateness of any required
disclosure related to such a
limitation.
1/
It is our understanding that the SEC Staff may
conclude that management
can
limit the scope of its assessment if it does not
have the authority to affect,
and
therefore
cannot assess, the controls in place over
certain amounts. This would
relate
to
entities that are consolidated or
proportionately consolidated when the issuer
does
not
have sufficient control over the entity to
assess and affect controls. If
management's
report on its assessment of the effectiveness of
internal control over
financial
reporting is limited in that manner, the SEC
staff may permit the company to
disclose
this fact as well as information about the
magnitude of the amounts included
in
the
financial statements from entities whose
controls cannot be assessed.
This
disclosure
would be required in each filing, but outside of
management's report on its
assessment
of the effectiveness of internal control over
financial reporting.
|
|
.
| | |
