自頂向下的方法是一個用于控制測試過程內(nèi)部控制財務(wù)報表。它遵循三個步驟:首先,自上而下的方法開始在財務(wù)報表層面與審計師對財務(wù)報表的理解;然后審計師關(guān)注實體級控制找到重要的賬戶和信息披露的弱點;最后一步是驗證過程審計風(fēng)險的理解,在公司為了解決評估風(fēng)險的控制進行測試。整個方法用于直接審計的關(guān)注賬戶信息的披露和斷言，，可能會存在誤差。
以自頂向下方法的步驟開始,測試實體級控制在自頂向下方法是很重要的，因為它可以通知審計公司是否有有效的財務(wù)報告內(nèi)部控制。有幾種方法來識別實體級控制：一個是在不同的功能上有差別，例如,一些控制很重要,但間接影響顯示錯報。他們可能會影響其他控制審計師選擇的測試。其他一些控制監(jiān)測其他控件的有效性,它們被用于識別故障低水平控制。有些實體級控制設(shè)計操作的精度水平,防止或發(fā)現(xiàn)在時間的基礎(chǔ)上進行舞弊行為。第二種方法來識別實體級控制是驗證連接控制:控制相關(guān)的控制環(huán)境,控制管理覆蓋。

由上而下的內(nèi)部控制審計方法Top-Down Approach to an Audit of Internal Control

The top-down approach is a process for controls testing of internal control over financial reporting. It follows three steps. First, top-down approach starts at the financial statement level with the auditor's understanding about financial reports. Then the auditor focuses on entity-level controls to find significant accounts and disclosure the weakness. The last step is verifying the auditors' understanding of risks of the process in company in order to test the controls that address the assessed risk. The whole approach direct audit's attention on accounts disclosures and assertions that likely misstated.

As the beginning step of top-down approach, the test of entity-level controls is important in top-down approach since it can inform the auditor whether the company has effective internal controls over financial reporting. There are several ways to identify entity-level controls. One is vary them in different functions. For instance, some controls have an important but indirect effect to show the misstatement. They might affect other control that auditor selected to test. Some other controls monitor the effectiveness of other controls and they are used to identify the breakdowns in lower level controls. Some entity-level controls are designed to operate at a level of precision to prevent or detect misstatements on time basis. The second way to identify entity-level control is to verify the connections in controls: controls related to the control environment, and controls over management override. In order to evaluating the control environment, the auditor needs to make sure there are no doubt on three parts including the effectiveness of management's philosophy or operating style on internal control over financial reporting; the understanding of integrity and ethical values of top management; the understanding of exercises oversight responsibility over financial reporting and internal controls of board or audit committee.

Relevant assertions have a possibility of containing a misstatement which may cause the misstatement of financial statement. They include existence or occurrence, completeness, valuation or allocation, rights and obligations, presentation and disclosures. In order to identify significant accounts and disclosures and their relevant assertions, the audit was required to evaluate the qualitative and quantitative risk factors relate to the financial statementline items and disclosures. The risk factors include size and composition of account, susceptibility to misstatement due to errors or fraud, volume of activity, complexity and homogeneity of the individual transaction, nature of the account, exposure to loses in the account, possibility of liabilities arising from the activities reflected in the disclosure, existence of related party transactions in the disclosure and changes from the pre-period in disclosure. The audit also needs to determine the source of potential misstatements. The risk factors are the same in the audit of internal control over financial reporting as in the audit of the financial statements. When the company has many locations, the audit should identify significant account based on consolidated financial statements.

In order to better understand the likely sources of misstatement, the auditor needs to know the flow of transactions related to the relevant assertion, including the process of how transaction are initiated, authorized, processed and recorded. Performing walkthroughs are the most effective way to find the likely sources of potential misstatements. It allows the audit follows tractions from original through the company's process, using the same documents and information technology. It includes a combination of inquiry, observation, inspection of relevant documentation and re-performance of controls.

At the last step, the audit should test those controls to see whether the company's controls are sufficient address the assessed risk of misstatement. It is unnecessary to neither test all controls nor test redundant controls, unless the repeating test is the objective of a control.

重大缺陷和重要缺陷Material Weakness vs Significant Deficiency

Significant deficiency is defined as a control deficiency, or combination of control deficiencies, such that there is a reasonable possibility that a significant misstatement of the company's annual or interim financial statements will not be prevented or detected material weakness is kind of deficiency.

Material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis. There are several indicators of material weaknesses, including the identification of fraud, restatement of previously issued financial statements, identification of the misstatement have not been detected by company's internal control, ineffective oversight of the company's external financial reporting.

The audit must communicate to management and the audit committee all material weaknesses identified during the audit in writing form. The written communication should be made previously to the issuance of the auditor's report in internal control over financial reporting. If the audit conclude the company's audit committee is ineffective, the auditor must communicated in writing to the board of directors. The audit should consider whether there are any deficiencies that have been identified as significant deficiencies; they need to communicate this deficiency in writing to the audit committee.

In the audit report in internal control there are several elements required: a title with the word independent, a statement that showing the management is responsible for maintaining effective internal control over financial reporting, an identification of management's report on internal control, a statement that audit was conducted with seastrands of PCAOB, the auditor plan under the standards of PCAOB, a statement the audit obtaining an understanding of internal control over financial reporting, assessing the risk, a statement that auditor believe the audit provides a reasonable basis of the opinion, a paragraph stating financial reporting may not prevent or detect misstatements, the auditor's opinion on whether this company should remain, the manual or printed signature of auditor's firm, the city and state from the auditor's report issued, the date of the audit report.

本文編號：34881