Page 113 - Auditing Standards
P. 113

As of December 15, 2017
                relevant knowledge possessed by the auditor. In an integrated audit of financial statements and

                internal control over financial reporting, AS 2201 14  describes the auditor's responsibility for
                evaluating the control environment.


       .25        If the auditor identifies a control deficiency  15  in the company's control environment, the auditor should

       evaluate the extent to which this control deficiency is indicative of a fraud risk factor, as discussed in
       paragraphs .65-.66 of this standard.


       The Company's Risk Assessment Process


       .26        The auditor should obtain an understanding of management's process for:



           a.   Identifying risks relevant to financial reporting objectives, including risks of material misstatement due
                to fraud ("fraud risks");

           b.   Assessing the likelihood and significance of misstatements resulting from those risks; and


           c.   Deciding about actions to address those risks.


       .27        Obtaining an understanding of the company's risk assessment process includes obtaining an

       understanding of the risks of material misstatement identified and assessed by management and the actions
       taken to address those risks.


       Information and Communication


       .28        Information System Relevant to Financial Reporting. The auditor should obtain an understanding of
       the information system, including the related business processes, relevant to financial reporting, including:



           a.   The classes of transactions in the company's operations that are significant to the financial
                statements;


           b.   The procedures, within both automated and manual systems, by which those transactions are
                initiated, authorized, processed, recorded, and reported;

           c.   The related accounting records, supporting information, and specific accounts in the financial

                statements that are used to initiate, authorize, process, and record transactions;

           d.   How the information system captures events and conditions, other than transactions,  16  that are
                significant to the financial statements; and


           e.   The period-end financial reporting process.


                     Note: Appendix B discusses additional considerations regarding manual and automated

                     systems and controls.

                                                            110
   108   109   110   111   112   113   114   115   116   117   118