Page 112 - Auditing Standards
P. 112

As of December 15, 2017
       .21        Internal control over financial reporting can be described as consisting of the following

       components:  11


                The control environment,


                The company's risk assessment process,

                Information and communication,

                Control activities, and


                Monitoring of controls.


       .22        Management might use an internal control framework with components that differ from the

       components identified in the preceding paragraph when establishing and maintaining the company's internal
       control over financial reporting. In evaluating the design of controls and determining whether they have been
       implemented in an audit of financial statements only, the auditor may use the framework used by

       management or another suitable, recognized framework.     12  For integrated audits, AS 2201, states, "The
       auditor should use the same suitable, recognized control framework to perform his or her audit of internal
       control over financial reporting as management uses for its annual evaluation of the effectiveness of the

       company's internal control over financial reporting." 13  If the auditor uses a suitable, recognized internal
       control framework with components that differ from those listed in the preceding paragraph, the auditor should
       adapt the requirements in paragraphs .23-.36 of this standard to conform to the components in the framework

       used.


       Control Environment


       .23        The auditor should obtain an understanding of the company's control environment, including the
       policies and actions of management, the board, and the audit committee concerning the company's control
       environment.



       .24        Obtaining an understanding of the control environment includes assessing:


                Whether management's philosophy and operating style promote effective internal control over

                financial reporting;

                Whether sound integrity and ethical values, particularly of top management, are developed and
                understood; and


                Whether the board or audit committee understands and exercises oversight responsibility over
                financial reporting and internal control.

                Note: In an audit of financial statements only, this assessment may be based on the evidence
                obtained in understanding the control environment, in accordance with paragraph .23, and the other


                                                            109
   107   108   109   110   111   112   113   114   115   116   117