Page 139 - Auditing Standards
P. 139

As of December 15, 2017
       entity-level controls and works down to significant accounts and disclosures and their relevant assertions.

       This approach directs the auditor's attention to accounts, disclosures, and assertions that present a
       reasonable possibility of material misstatement to the financial statements and related disclosures. The
       auditor then verifies his or her understanding of the risks in the company's processes and selects for testing
       those controls that sufficiently address the assessed risk of misstatement to each relevant assertion.





          Note: The top-down approach describes the auditor's sequential thought process in identifying risks and

          the controls to test, not necessarily the order in which the auditor will perform the auditing procedures.







       Identifying Entity-Level Controls

       .22        The auditor must test those entity-level controls that are important to the auditor's conclusion about
       whether the company has effective internal control over financial reporting. The auditor's evaluation of entity-

       level controls can result in increasing or decreasing the testing that the auditor otherwise would have
       performed on other controls.



       .23        Entity-level controls vary in nature and precision -


                Some entity-level controls, such as certain control environment controls, have an important, but

                indirect, effect on the likelihood that a misstatement will be detected or prevented on a timely basis.
                These controls might affect the other controls the auditor selects for testing and the nature, timing,
                and extent of procedures the auditor performs on other controls.


                Some entity-level controls monitor the effectiveness of other controls. Such controls might be
                designed to identify possible breakdowns in lower-level controls, but not at a level of precision that
                would, by themselves, sufficiently address the assessed risk that misstatements to a relevant

                assertion will be prevented or detected on a timely basis. These controls, when operating effectively,
                might allow the auditor to reduce the testing of other controls.

                Some entity-level controls might be designed to operate at a level of precision that would adequately

                prevent or detect on a timely basis misstatements to one or more relevant assertions. If an entity-
                level control sufficiently addresses the assessed risk of misstatement, the auditor need not test
                additional controls relating to that risk.



       .24        Entity-level controls include -



                Controls related to the control environment;




                                                            136
   134   135   136   137   138   139   140   141   142   143   144