Wiley Practitioner's Guide to GAAS 2020. Joanne M. Flood
Чтение книги онлайн.
Читать онлайн книгу Wiley Practitioner's Guide to GAAS 2020 - Joanne M. Flood страница 60
Название: Wiley Practitioner's Guide to GAAS 2020
Автор: Joanne M. Flood
Издательство: John Wiley & Sons Limited
Жанр: Бухучет, налогообложение, аудит
isbn: 9781119596035
isbn:
Information processing
Physical controls
Segregation of duties (e.g., assigning different people the responsibility for authorizing transactions, recording transactions, and maintaining custody of assets)
(AU-C 315.A99)
The auditor should also obtain an understanding of the process of reconciling detail to the general ledger for significant accounts. (AU-C 315.21)
The Five Components of Internal Control – 5. Monitoring
The auditor should obtain sufficient knowledge of the major types of activities that the entity uses to monitor internal control over financial reporting, including the internal audit function—how it works, its responsibilities, and how it fits into the organization and sources of information used in the monitoring activities. (AU-C 315.23–.25)
Step 2. Identification of Significant Risks
As part of assessing the risks of material misstatement, the auditor should identify significant risks, which are defined as those risks that require special audit consideration. Significant risks should be determined without regard to internal controls—that is, by considering inherent risk only. (AU-C 315.28) For example, if the entity is named as a defendant in a patent infringement lawsuit that may threaten the viability of its principal product, the auditor could consider significant the risks that the lawsuit (1) would not be appropriately recorded or disclosed in accordance with GAAP or (2) may affect the entity’s ability to continue as a going concern.
Significant risks arise on most audits. When the auditor determines that a risk is a significant risk, the audit procedures should include (but not be limited to):
Obtaining an understanding of internal control, including relevant control activities, related specifically to those significant risks
Evaluating whether the controls have been designed and implemented to mitigate the risks
(AU-C 315.30)
Substantive procedures specifically designed to address the significant risk. Significant risks frequently arise from unusual, nonroutine transactions and from judgmental matters such as estimates. (AU-C 315.31) In addition, significant risks may relate to matters such as the following:
External circumstances. External circumstances giving rise to business risks influence the determination of whether the risk requires special audit attention. For example, technological developments might make a particular product obsolete, thereby causing inventory to be more susceptible to overstatement. Recent significant economic, accounting, or other developments also may require special attention.
Factors in the client and its environment. Factors in the client and its environment that relate to several or all of the classes of transactions, account balances, or disclosures may influence the relative significance of the risk. For example, a lack of sufficient working capital to continue operations or a declining industry characterized by a large number of business failures may have a pervasive effect on risk for several account balances, classes of transactions, or disclosures.
Recent developments. Recent significant economic, accounting, or other developments can affect the relative significance of a risk.
Complex calculations. Complex calculations are more likely to be misstated than are simple calculations.
Risk of fraud or theft. Revenue recognition is presumed to be a financial reporting fraud risk; cash is more susceptible to misappropriation than an inventory of coal.
Estimates. Accounts consisting of amounts derived from accounting estimates that are subject to significant measurement uncertainty pose greater risks than do accounts consisting of relatively routine, factual data.
Related-party transactions. Related-party transactions may create business risks that can result in a material misstatement of the financial statements.
Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate Audit Evidence
For some risks it is not possible or practicable to reduce detection risk to an acceptably low level with audit evidence obtained only from substantive procedures. (AU-C 315.31) Examples of such situations include:
An entity that conducts its business using IT to initiate orders for the purchase and delivery of goods based on predetermined rules of what to order and in what quantities, and to pay the related accounts payable based on system-generated decisions initiated upon the confirmed receipt of goods and terms of payment.
An entity that provides services to customers via electronic media and uses IT to create a log of the services provided to its customers, to initiate and process its billings for the services, and to automatically record such amounts in the accounting records.
Step 3. Assessing the Risk of Material Misstatement
AU-C 315 describes risks as existing at one of two levels: the financial statement level or the relevant assertion level. This distinction is important because the nature of the auditor’s response differs depending on whether the risk is at the financial statement level or the assertion level.
Financial-statement-level risks. The risk of material misstatement at the financial statement level has a pervasive effect on the financial statements and affects many assertions. (AU-C 315.A122) The control environment is an example of a financial-statement-level risk. In some instances, it may not be possible to relate financial-statement-level risks to a specific assertion. (AU-C 315.A123–.A124) These risks should be related to assertion-specific responses. Financial-statement-level risks may require the auditor to develop an overall response, such as assigning more experienced team members.
Assertion-level risks. Assertion-level risks pertain to a single assertion or related group of assertions. Assertion-level risks will require the auditor to design and perform specific further audit procedures such as tests of controls and/or substantive procedures that are directly responsive to the assessed risk. (AU-C 315.A126)
(AU-C 315.26)
The auditor’s understanding of the entity and its environment—which includes an evaluation of the design and implementation of internal control—is used to assess the risk of material misstatement. To assess the risk of material misstatement, the auditor should:
Identify risks throughout the process of obtaining an understanding of the entity, its internal control, and its environment.
Relate the identified risks to what can go wrong at the relevant assertion level.
Consider whether the risks could result in a material misstatement to the financial statements.
Consider the likelihood that the risks could result in a material misstatement of the financial statements.
(AU-C 315.27)
NOTE: СКАЧАТЬ