PCAOB "Staff Guidance on Auditing Internal Control Over Financial Reporting in Smaller Public Companies"
こんにちは、丸山満彦です。PCAOBが「Staff Guidance on Auditing Internal Control Over Financial Reporting in Smaller Public Companies」を公表していますね。。。
例示もあって、参考になりまっせ。。。
■PCAOB
●Standards and Related Rules
・Auditing Standard No. 5: An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements
目次です。
=====
Introduction
1 Scaling the Audit for Smaller, Less Complex Companies
・Scaling the Audit of Internal Control
・Tests of Controls in an Integrated Audit
・・Selection of Controls to Test
・・Tests of Operating Effectiveness of Controls
2 Evaluating Entity-Level Controls
・Evaluation of Entity-Level Controls and Testing of Other Controls
・・Identifying Entity-Level Controls
・・Assessing the Precision of Entity-Level Controls
・・Effect of Entity-Level Controls on Testing of Other Controls
>>Example 2-1 – Monitoring the Effectiveness of Other Controls
>>Example 2-2 – Entity-Level Controls Related to Payroll Processing
3 Assessing the Risk of Management Override and Evaluating Mitigating Actions
・Assessing the Risk of Management Override
・Evaluating Mitigating Controls
・・Evaluating Integrity and Ethical Values
・・Evaluating Audit Committee Oversight
・・Evaluating Whistleblower Programs
・・Evaluating Controls over Journal Entries
・・Considering the Effects of Other Evidence
>>Example 3-1 – Audit Committee Oversight
4 Evaluating Segregation of Duties and Alternative Controls
・・Smaller, Less Complex Companies' Approach to Segregation of Duties
・Audit Strategy Considerations
・・Use of External Resources
・・Management Oversight and Review
>>Example 4-1 – Alternative Controls over Inventory
5 Auditing Information Technology Controls in a Less Complex Information Technology Environment
・・Characteristics of Less Complex IT Environments
・Determining the Scope of the Evaluation of IT Controls
・・IT-Related Risks Affecting Financial Reporting
・・Consideration of Deficiencies in IT General Controls on Tests of Other Controls
>>Example 5-1 – IT-Dependent Controls
・Categories of IT Controls
・・IT General Controls
・・・Security and Access
・・・Computer Operations
・・・Systems Development and System Changes
・・Application Controls
・・End-User Computing Controls
6 Considering Financial Reporting Competencies and Their Effects on Internal Control
・Understanding and Evaluating a Company's Financial Reporting
Competencies
・Supplementing Competencies with Assistance from Outside
Professionals
>>Example 6-1 – Assistance from Outside Professionals
7 Obtaining Sufficient Competent Evidence When the Company Has Less Formal Documentation
・Audit Strategy Considerations
・・Documentation of Processes and Controls
・・Documentation of Operating Effectiveness of Controls
・・Other Considerations
>>Example 7-1 – Obtaining Information about Processes and Controls
>>Example 7-2 – Obtaining Evidence about Operating Effectiveness of Controls
8 Auditing Smaller, Less Complex Companies with Pervasive Control Deficiencies
・Pervasive Deficiencies That Result in Material Weaknesses
・・Considering the Effect of Pervasive Control Deficiencies on Other Controls
・Scope Limitation Due to Lack of Sufficient Audit Evidence
>>Example 8-1 – Pervasive Deficiencies and Testing of Controls
>>Example 8-2 –Lack of Sufficient Audit Evidence
Appendices
A The Integrated Audit Process
・・Summary of the Illustrative Audit Approach
・・Preliminary Engagement Procedures
・・Audit Planning
・・Risk Assessment Procedures
・・Overall Response to Risks
・・Specific Responses – Substantive Procedures and Tests of Controls
・・Conclusion and Wrap-up
B Discussion of Comments Received on the Preliminary Staff Views
=====
« 公認会計士協会 パブコメ 「監査・保証実務委員会報告第82号「財務報告に係る内部統制の監査に関する実務上の取扱い」(改正) | Main | COSO Guidance on Monitoring Internal Control Systems »
Comments