An Audit of Internal Control Over Financial …

1 | on auditing standards Issued by the auditing standards BoardAn Audit of Internal Control over Financial reporting that Is Integrated With an Audit of Financial Statements( aicpa , Professional standards , AU-C sec. 940; Withdraws Statement on standards for Attestation Engagements No. 15, An Examination of an Entity s Internal Control over Financial reporting that Is Integrated With an Audit of Its Financial Statements, and related Attestation Interpretation No. 1, reporting Under Section 112 of the Federal Deposit Insurance Corporation Improvement Act [ aicpa , Professional standards , AT secs. 501 and 9501]; Amends various sections in Statement on auditing standards No.)

2 122, Statements on auditing standards : Clarification and Recodification [ aicpa , Professional standards , AU-C secs. 200, 265, 315, 402, 600, 905, and 935]) 130 October 2015 SAS 19/30/15 3:55 PM10616-344 Statement on auditing standards Issued by the auditing standards BoardAn Audit of Internal Control over Financial reporting that Is Integrated With an Audit of Financial Statements( aicpa , Professional standards , AU-C sec. 940; Withdraws Statement on standards for Attestation Engagements No. 15, An Examination of an Entity s Internal Control over Financial reporting that Is Integrated With an Audit of Its Financial Statements, and related Attestation Interpretation No.

3 1, reporting Under Section 112 of the Federal Deposit Insurance Corporation Improvement Act [ aicpa , Professional standards , AT secs. 501 and 9501]; Amends various sections in Statement on auditing standards No. 122, Statements on auditing standards : Clarification and Recodification [ aicpa , Professional standards , AU-C secs. 200, 265, 315, 402, 600, 905, and 935]) 130 October 2015 SAS 130- 19/30/15 3:58 PMCopyright 2015 by American Institute of Certified Public Accountants, Inc. New York, NY 10036-8775 All rights reserved. For information about the procedure for requesting permission to make copies of any part of this work, please e-mail with your request.

4 Otherwise, requests should be written and mailed to the Permissions Department, aicpa , 220 Leigh Farm Road, Durham, NC 2 3 4 5 6 7 8 9 0 AAS 1 9 8 7 6 5 ISBN: 978-1-94354-622-0 SAS 130- 29/30/15 3:58 PM 1 Statement on auditing standards , An Audit of Internal Control over Financial reporting that Is Integrated With an Audit of Financial StatementsIntroductionScope of This Statement on auditing Standards1. This Statement on auditing standards (SAS) establishes require-ments and provides guidance that applies only when an auditor is engaged to perform an Audit of Internal Control over Financial report-ing (ICFR) that is integrated with an Audit of Financial statements (integrated Audit ).

5 (Ref: par. A1) 2. Generally accepted auditing standards (GAAS) are written in the context of an Audit of Financial statements but are to be adapted as necessary in the circumstances when applied to an Audit of ICFR that is integrated with an Audit of Financial This SAS includes special considerations related to performing an integrated Audit . Effective Date3. This SAS is effective for integrated audits for periods ending on or after December 15, The objectives of the auditor in an Audit of ICFR are toa. obtain reasonable assurance about whether material weak-nesses exist as of the date specified in management s assessment about the effectiveness of ICFR (as of date) and1 Paragraph.

6 02 of AU-C section 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted auditing standards ( aicpa , Professional standards ). SAS 110/12/15 8:41 AM 2 Statement on auditing standards No. 130b. express an opinion on the effectiveness of ICFR in a writ-ten report, and communicate with management and those charged with governance as required by this SAS, based on the auditor s findings. (Ref: par. A2 A4)Definitions5. For purposes of GAAS, the following terms have the meanings attributed as follows: Audit of ICFR. An Audit of the design and operating effectiveness of an entity s ICFR.

7 Control objective. The aim or purpose of specified controls. Control objectives address the risks that the controls are intended to mitigate. In the context of ICFR, a Control objec-tive generally relates to a relevant assertion for a significant class of transactions, account balance, or disclosure and addresses the risk that the controls in a specific area will not provide reason-able assurance that a misstatement or omission in that relevant assertion is prevented, or detected and corrected, on a timely The benchmarks used to measure or evaluate the subject matter. (Ref: par. A5)Detective Control . A Control that has the objective of detecting and correcting errors or fraud that have already occurred that could result in a misstatement of the Financial Control over Financial reporting (ICFR).

8 A process effected by those charged with governance, management, and other personnel, designed to provide reasonable assurance regarding the preparation of reliable Financial statements in accordance with the applicable Financial reporting framework and includes those policies and procedures thati. pertain to the maintenance of records that , in reasonable detail, accurately and fairly reflect the transactions and dispo-sitions of the assets of the entity;ii. provide reasonable assurance that transactions are recorded as necessary to permit preparation of Financial statements in accordance with the applicable Financial reporting frame-work, and that receipts and expenditures of the entity are being made only in accordance with authorizations of man-agement and those charged with governance; andSAS 210/12/15 8:41 AM Statement on auditing standards , An Audit of Internal Control over Financial reporting 3iii.

9 Provide reasonable assurance regarding prevention, or timely detection and correction of unauthorized acquisition, use, or disposition of the entity s assets that could have a material effect on the Financial has inherent limitations. ICFR is a process that involves human diligence and compliance and is subject to lapses in judg-ment and breakdowns resulting from human failures. ICFR also can be circumvented by collusion or improper management override. Because of such limitations, there is a risk that material misstatements will not be prevented, or detected and corrected, on a timely basis by ICFR. (Ref: par. A6 A7)Management s assessment about ICFR.

10 Management s conclu-sion about the effectiveness of the entity s ICFR, based on suit-able and available criteria. Management s assessment is included in management s report on ICFR. (Ref: par. A8)Preventive Control . A Control that has the objective of preventing errors or fraud that could result in a misstatement of the finan-cial for the Audit of ICFR6. AU-C section 210, Terms of Engagement ( aicpa , Professional standards ), requires the auditor to establish whether the precon-ditions for an Audit are In an Audit of ICFR, the auditor shoulda. obtain the agreement of management that it acknowledges and understands its responsibility fori.