Why does an auditor need an understanding of internal controls?
Assessment of internal controls is part of today’s auditing requirements and helps identify risk factors. But, it can sometimes be unclear why auditors ask so many questions about their clients’ internal controls. The American Institute of Certified Public Accountants (AICPA) issues technical Q&As to address member inquiries on certain issues, and they recently shed some light on this subject. Here’s a set of five common questions and answers that the AICPA issued in April to help clarify an auditor’s responsibility for assessing a client’s internal controls. Are auditors required to obtain an understanding of business processes relevant to financial reporting in every audit engagement?
The AICPA defines control activities as “steps put in place by the entity to ensure that the financial transactions are correctly recorded and reported.” Auditors are expected to obtain an understanding of only those control activities that are considered relevant to the audit. There are no “cookie cutter” approaches when it comes to understanding business processes and control activities; rather, the requirements differ from audit to audit. Does an auditor’s understanding of internal controls encompass more than control activities? Should the auditor evaluate the design of controls and determine whether they’ve been implemented every year? For existing clients, an auditor may leverage information obtained from his or her previous experience with the entity and the results from audit procedures performed in previous reporting periods. In doing so, the auditor should determine whether changes affecting the control environment have occurred since the previous audit that may affect that information’s relevance to the current audit. Which control activities are considered relevant in every audit? Which relevant control activities may vary from audit to audit? 5 Components of Internal Controls
The updated COSO framework isn’t just for public companies that must comply with Sarbanes-Oxley. The framework applies to all entities that follow U.S. Generally Accepted Accounting Principles (GAAP), including for-profits, not-for-profits and government bodies. June 21, 2017 |