SAS no. 55 - help has arrived.
Since the issuance of Statement on Auditing Standards no. 55, Consideration of the Internal Control Structure in a Financial Statement Audit, the phones of several of the American American, river, 30 mi (48 km) long, rising in N central Calif. in the Sierra Nevada and flowing SW into the Sacramento River at Sacramento. The discovery of gold at Sutter's Mill (see Sutter, John Augustus) along the river in 1848 led to the California gold rush of Institute of CPAs technical divisions haven't have·n't
Contraction of have not.
haven't have not
haven't have stopped ringing. Everyone has questions about the requirements and, more important, how they can be met.
The Audit Guide Consideration of the Internal Control Structure in a Financial Statement Audit can help answer those questions. Issued by the AICPA AICPA
See American Institute of Certified Public Accountants (AICPA). auditing standards board's control risk audit guide task force, the guide provides information that can help auditors AUDITORS, practice. Persons lawfully appointed to examine and digest accounts referred to them, take down the evidence in writing, which may be lawfully offered in relation to such accounts, and prepare materials on which a decree or judgment may be made; and to report the whole, together determine how to apply SAS (1) (SAS Institute Inc., Cary, NC, www.sas.com) A software company that specializes in data warehousing and decision support software based on the SAS System. Founded in 1976, SAS is one of the world's largest privately held software companies. See SAS System. no. 55 in a broad range of audit engagements.
WHY WAS THE GUIDE
Issue din DIN - Deutsche Institut fuer Normung. The German standardisation body, a member of ISO. 1988, SAS no. 55 covers audits of financial statements for periods beginning on or after January January: see month. 1, 1990. It requires the auditor auditor n. an accountant who conducts an audit to verify the accuracy of the financial records and accounting practices of a business or government. A proper audit will point out deficiencies in accounting and other financial operations. , in every audit, to do both of the following:
* Obtain an understanding of each element of the internal control structure (control environment, accounting system and control procedures) sufficient to plan the audit.
* Assess control risk for assertions related to significant account balances and transaction classes.
Because this standard is very conceptual, the ASB ASB Asbestos
ASB Arbeiter Samariter Bund (German medical help organisation)
ASB Anti-Social Behaviour
ASB Accounting Standards Board (UK FRC)
ASB Aarhus School of Business realized practitioners would find application difficult. Therefore, a task force was formed to develop a guide for practitioners. Following are some of the most common questions auditors are asking.
Q How does the guide help me apply SAS no. 55?
A As mentioned above, SAS no. 55 requires the auditor to understand the entity's internal control structure well enough to plan the audit. But what procedures are necessary to obtain that understanding? How should the understanding be documented? These are only some of the questions the guide answers.
The basic premise of the guide is that the procedures performed to understand the internal control structure and to assess control risk differ, depending on the preliminary audit strategy selected for a particular financial statement assertion. The guide describes two preliminary strategies an auditor could choose when auditing an assertion. As can be seen by referring to the flowchart flowchart
Graphical representation of a process, such as a manufacturing operation or a computer operation, indicating the various steps taken as the product moves along the production line or the problem moves through the computer. (see the exhibit on page 109), an auditor may plan
* A primarily substantive approach (shown on the left side of the flowchart). An auditor who follows this strategy normally plans to assess control risk at or slightly below maximum. The auditor is not required to perform tests of controls when assessing control risk at maximum. (However, procedures performed to understand the internal control structure may provide some evidence of the design and operating effectiveness of control structure policies or procedures. If so, these procedures serve as tests of controls and may enable the auditor to assess control risk below maximum.)
* A lower control risk assessment (shown on the right side of the flowchart). Under this strategy, the auditor plans tests of controls to obtain evidence about the effectiveness of specific internal control structure policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental . If those tests support the lower control risk assessment, the auditor performs fewer (or less effective) substantive procedures than he or she would perform if following a primarily substantive approach.
In each case, the preliminary audit strategy influences the nature, timing and extent of procedures used to obtain an understanding of the internal control structure, assess control risk and design substantive procedures.
The guide illustrates the effect of the preliminary audit strategy on the auditor's procedures by describing the audits of three hypothetical Hypothetical is an adjective, meaning of or pertaining to a hypothesis. See:
Ownco is a small, owner-managed business that does not have complex organizational structure This article has no lead section.
To comply with Wikipedia's lead section guidelines, one should be written. or a sophisticated computer system. Young Fashions is a growing, nonpublic Adj. 1. nonpublic - not invested with or related to prominent position or status etc.
private - confined to particular persons or groups or providing privacy; "a private place"; "private discussions"; "private lessons"; "a private club"; "a private secretary"; company with multiple locations. For both of these companies, the guide assumes the auditors plan to assess control risk for assertions related to a specific account balance and transaction calss based only on procedures needed to plan a primarily substantive approach.
In contrast, Vinco is a pubilc company with a more complex organizational structure and a sophisticated computer system. Vinco's auditor chose to understand and test sufficient internal control sturcture policies and procedures to support a lower control risk assessment for some assertions. By comparing and contrasting the procedures auditors performed in each of the hypothetical companies, the guide demonstrates how to apply SAS no. 55 in a broad range of audits.
Q The flowchart in the guide is different from the one in SAS no. 55. Which flowchart should I use?
A The exhibit on page 109 shows the guide's flowchart, which was dsigned to facilitate an understanding of the guide and encompasses the concept of a preliminary audit strategy. It is similar to the one in SAS no. 55, which was intended to help auditors understand the conceptual framewofk of that standard. Both flowcharts can be useful in applying the provisions of SAS no. 55.
Q Do I have to follow one of the two strategies described in the guide?
A No. The guide presents only two strategies among the many an auditor could choose when auditing an assertion. Auditors are not required to select a preliminary audit strategy but generally a strategy is more efficient since, as described in the guide, it influences the nature, timing and extent of audit work.
Q The guide contains qualitative control risk assessments ranging from low to maximum. Must I use these terms when assessing control risk? Can I assess control risk in quantitative terms?
A For illustration, the guide uses qualitative control risk assessments that range from maximum--the greatest probability that a material misstatement mis·state
tr.v. mis·stat·ed, mis·stat·ing, mis·states
To state wrongly or falsely.
mis·statement n. will occur in a financial statement assertion and not be either prevented or quickly detected by the entity's internal control structure policies or procedures--to low. Auditors may assess control risk using these or other qualitative terms or they may use quantitative terms.
Q My client is a small, owner-managed service organization that, because of its size, doesn't have adequate segregation segregation: see apartheid; integration. of duties. How can the guide help me with the audit of this small business?
A An inadequate segregation of duties because of limited personnel is a significant concern of many small business auditors. Often, a shortage of personnel in a small business results in an inadequate review function and in employees who are in a position both to perpetrate per·pe·trate
tr.v. per·pe·trat·ed, per·pe·trat·ing, per·pe·trates
To be responsible for; commit: perpetrate a crime; perpetrate a practical joke. and conceal conceal,
v to hide; secrete; withhold from the knowledge of others. fraud in the normal course of business. Thus, an auditor generally finds many of the organization's internal control structure policies and procedures are ineffective in detecting and preventing material misstatements.
The guide discusses ways in which good owner-manager controls may mitigate mit·i·gate
To moderate in force or intensity.
miti·gation n. the auditor's concern. For example, Ownco's owner-manager demonstrates a conservative attitude toward accepting business risks. He uses information generated by the accounting system to compare performance to that of prior years and he reviews accounting reports regularly. He also performs numerous control procedures. For example, he checks the accuracy of disbursements and reviews the periodic physical inventory compilations. These owner-manager procedures encourage employees to work with greater care, thereby reducing the risk of material misstatements. If the auditor obtains evidence that these procedures are effective, he or she may assess control risk below the maximum for specific assertions.
Q SAS no. 55 requires me to document that I obtained sufficient understanding of the internal control structure to plan the audit. If I assess control risk at maximum, it also requires that I document that conclusion. Alternatively, if I assess control risk below maximum, SAS no. 55 requires that I document the basis for my assessment. How does the new audit guide help an auditor to meet these documentation requirements?
A Over 100 pages of the guide are devoted to sample workpapers that illustrate how the auditors of the three hypothetical companies satisfied the documentation requirements of SAS no. 55. For entities with a simple internal control structure like Ownco, a memorandum is frequently used. However, as systems become more complex, narratives may become longer and important information can get buried bur·y
tr.v. bur·ied, bur·y·ing, bur·ies
1. To place in the ground: bury a bone.
a. To place (a corpse) in a grave, a tomb, or the sea; inter.
b. in the discussion. Thus, flowcharts and questionnaires such as those illustrated for Young Fashions and Vinco could be more effective for documenting more complex internal control structure policies and procedures. Generally, the more complex the entity's internal control structure and the more extensive the procedures performed to obtain the understanding, the more extensive the auditor's documentation will end up being.
This article has described some of the ways the guide can assist practitioners in applying SAS no. 55. To obtain the guide, call (800) 334-6961 or (800) 248-0445 in New York New York, state, United States
New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of State, or write to the AICPA order department. The guide is produce number 012450 and costs $25.
Barry Barber A barber (from the Latin barba, "beard") is someone whose occupation is to cut any type of hair, give shaves, and trim beards. In previous times, barbers also performed surgery and dentistry. , national quality assurance partner, Grant Thornton, and Mimi Blanco-Best, technical manager in the American Institute of CPAs auditing standards division, answer questions about a new audit guide.