so those six would be
- planning the engagement
- using a top down approach
- testing controls
- evaluating identified deficiencies
- wrapping up
- reporting on internal control
what are these 6 tho? it's AS 2201.
what's AS 2201? it looks like it's the requirement or rather the thing? that is a response to SOX by the PCAOB? and it stipulates how exactly the issuer must ... how the audit team must evaluate the internal controls of the company, since they have to do it (unlike GAAS, where they only should? do it?)
looking back over question 1, it seems like the answer tho would depend on whether management is managing an issuer or non -issuer...
the steps are those six
but there are those three terms,
- internal control deficiency,
- signifiant deficiency, and
- material weakness
ICD
- A condition that exists when the design or operation of a control does not allow the entity’s management or employees to detect or prevent misstatements in a timely fashion.
SD
- A deficiency or a combination of deficiencies in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
MW
- A deficiency or combination of deficiencies that results in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis.
and then: what options are available to the auditor for issuing reports? looks like
- A report required by the Sarbanes–Oxley Act that states that management is responsible for establishing and maintaining adequate internal control over financial reporting, identifies the framework management uses to evaluate the effectiveness of the entity’s internal control, and provides management’s assessment of the effectiveness of the entity’s internal control. (management's annual report) and:
- A report required by the Sarbanes–Oxley Act that provides an opinion on the effectiveness of the entity’s internal control over financial reporting (auditor's report)
both are for SOX tho...
No comments:
Post a Comment