Assessment of internal controls is part of today’s auditing requirements and helps identify risk factors. But, it can sometimes be unclear why auditors ask so many questions about their clients’ internal controls. Show The American Institute of Certified Public Accountants (AICPA) issues technical Q&As to address member inquiries on certain issues, and they recently shed some light on this subject. Here’s a set of five common questions and answers that the AICPA issued in April to help clarify an auditor’s responsibility for assessing a client’s internal controls. Are auditors required to obtain an understanding of business processes relevant to financial reporting in every audit engagement?
The AICPA defines control activities as “steps put in place by the entity to ensure that the financial transactions are correctly recorded and reported.” Auditors are expected to obtain an understanding of only those control activities that are considered relevant to the audit. There are no “cookie cutter” approaches when it comes to understanding business processes and control activities; rather, the requirements differ from audit to audit. Does an auditor’s understanding of internal controls encompass more than control activities? Should the auditor evaluate the design of controls and determine whether they’ve been implemented every year? For existing clients, an auditor may leverage information obtained from his or her previous experience with the entity and the results from audit procedures performed in previous reporting periods. In doing so, the auditor should determine whether changes affecting the control environment have occurred since the previous audit that may affect that information’s relevance to the current audit. Which control activities are considered relevant in every audit? Which relevant control activities may vary from audit to audit? 5 Components of Internal Controls
The updated COSO framework isn’t just for public companies that must comply with Sarbanes-Oxley. The framework applies to all entities that follow U.S. Generally Accepted Accounting Principles (GAAP), including for-profits, not-for-profits and government bodies. What is the purpose of evaluating internal controls by the auditor?Management and external auditors must evaluate a company's internal controls for material misstatements — doing so helps maintain the integrity of financial reporting.
What is the purpose of reviewing and evaluating internal controls?An internal control review helps identify potential weaknesses in a company's internal controls and provides practical recommendations to improve the internal controls and reduce risk.
Why is it necessary for the auditors to study and evaluate internal control each year?Assessing internal controls is part of today's auditing requirements. It helps identify risk factors — but the requirements can sometimes be unclear.
Why is it important to study and evaluate the internal control of the client?They ensure compliance with applicable laws and regulations to avoid the risk of public scandals. Poor or excessive internal controls reduce productivity, increase the complexity of processing transactions, increase the time required to process transactions and add no value to the activities.
|