财务报告的内部控制.doc

本科毕业论文（设计）外 文 翻 译外文题目 Auditing Internal Control Over Financial Reporting外文出处 Auditing Internal Control Over Financial Reporting University of Hawaii at Hilo 2004(12):100-107 外文作者 James E. Hunton 原文： Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 2 , AnAudit of Internal Control Over Financial Reporting Performed in Conjunction With an Audit of Financial Statements, (AS-2) addresses the work that is required to audit internal control over financial reporting and the relationship of that audit to the audit of the financial statements.Since the issuance of AS-2, auditors and other parties have raised questions on a variety of issues about the implications of AS-2. To answer those questions, on June 23, 2004, the Office of the Chief Auditor of the PCAOB issued guidance in the form of questions and answers on issues related to the implementation of AS-2. Refer to the September 30, 2004, and October 15, 2004, GAAS Update Service issues for coverage of the topics previously addressed by the PCAOB staff in its June release, which relate to the following areas: auditor independence;scope and extent of testing; evaluating deficiencies; multi-location issues; using work of others;and service organizations. In response to additional implementation questions that continue to be raised, on October 6, 2004, the PCAOB staff updated its June release, Auditing Internal Control Over Financial Reporting, on frequently asked questions. The updated PCAOB release issued in October 2004 provides additional interpretive and implementation guidance on issues relating to scope and extent of testing, evaluating deficiencies, and service organizations. PCAOB staff questions and answers represent the staffs opinions on issues related to the implementation of the standards of the PCAOB. They are intended to provide guidance to auditors on implementing the PCAOBs standards. However, they are neither rules of the PCAOB nor have they been approved by the PCAOB. Scope and Extent of TestingQ. Does the scope of internal control over financial reporting as it relates to compliance with laws and regulations under AS-2 encompass controls over a broader array of circumstances than those described in AU Section 317, Illegal Acts by Clients? A. Yes. AU Section 317, Illegal Acts by Clients, provides that the auditor consider the laws and regulations that have a direct and material effect on the determination of financial statement amounts. However, paragraph 15 of AS-2 does not use the phrase “direct and material effect on the determination of financial statement amounts.” Rather, paragraph 15 of AS-2 provides that operations and compliance with laws and regulations directly related to the presentation of and required disclosures in financial statements are encompassed in internal control over financial reporting. This provision in AS-2 includes: (1) the “direct and material” effects described in AU Section 317, such as compliance with tax laws that affect accruals and the amount recognized as expense in the accounting period; and (2)other circumstances that would be classified under AU Section 317 as having only indirect effects on the financial statements In the PCAOB staffs view, internal control over financial reporting encompasses controls over the identification, measurement, and reporting of all material actual loss events that have occurred, including controls over the monitoring and risk assessment of areas in which such actual loss events are reasonably possible. The staff guidance illustrates this point by indicating that, for example, a waste disposal companys internal control over financial reporting ordinarily would encompass controls for identifying and measuring environmental liabilities for existing and newly acquired landfills, even if there is no governmental investigation or enforcement proceeding underway. The PCAOB staff believes that its interpretation is consistent with the Securities and Exchange Commission (SEC) staffs views regarding managements responsibilities for assessing internal control over financial reporting. According to the SEC staff, while it may be possible to connect the violation of any law, rule, or regulation to the financial statements by observing that if the violation is significant enough it will have a material effect on the registrants financial statements, the SEC staff does not believe that compliance with all laws fits within the definition. The SECs financial reporting requirements and the Internal Revenue Code are examples of regulations that are directly related to the preparation of the financial statements. Conversely, rules requiring disclosure as to the existence of a code of ethics or disclosure as to the existence of an audit committee financial expert are examples of rules promulgated under the Sarbanes-Oxley Act of 2002 (SOA) that are not directly related to the preparation of financial statementsEvaluating Deficiencies What is the effect on the auditors evaluation of managements assessment of internal control and the auditors report in circumstances under which managements assessment and the auditors audit procedures do not include certain controls that should have been encompassed because neither management nor the auditor has the ability to evaluate those controls?A. There may be circumstances in which there are restrictions on the scope of the auditors engagement to audit internal control over financial reporting. For example, both management and the auditor may be unable to obtain evidence of operating effectiveness of controls at a service organization used by the company because a type 2 Statement on Auditing Standards (SAS) No. 70, Service Organizations, (SAS-70) report that is deemed to be necessary under the circumstances is not available. If neither management nor the auditor is able toperform tests of controls at the service organization (e.g., because management does not have a contractual right to do so), a scope limitation exists. An SEC staff interpretation states that, subject to limited exceptions, management cannot issue a report on internal control with a scope limitation. Under paragraph 20 of AS-2, in order for the auditor to satisfactorily complete an audit of internal control over financial reporting, management must fulfill several responsibilities, including evaluating the effectiveness of the companys internal control over financial reporting and supporting its evaluation with sufficient evidence. Therefore, if management is unable to assess certain controls over financial reporting that should have been included in its assessment, a control deficiency exists. If the transaction or events subject to controls that management is unable to assess are material to the companys financial statements, the auditor ordinarily would determine that this control deficiency represents a material weakness. In addition,the auditor would need to determine whether management, under the circumstances, had failed to fulfill its responsibilities to evaluate the effectiveness of the companys internal control over financial reporting and support its evaluation with sufficient evidence. If the auditor determines that management has not fulfilled its responsibilities, the auditor is required to disclaim an opinion. Also, to the extent that management has willfully decided not to fulfill its responsibilities, the auditor may have additional responsibilities under AU Section 317 and under Section 10A of the Securities Exchange Act of 1934. In making the determination of whether management has fulfilled its responsibilities to evaluate the effectiveness of the companys internal control over financial reporting, the PCAOB staff indicates that the auditor could evaluate factors, such as the following: The date of the contract or other transaction documents that could have provided management with the ability to assess controls or otherwise to obtain evidence of the operating effectiveness of relevant controls; The relative ease or difficulty with which management could renegotiate the contract or transaction documents and the extent to which management has attempted to do so; and Whether management is able to assess the controls, or obtain evidence of operating effectiveness of relevant controls, in the absence of having access to the controls. The PCAOB staff provides the following examples of how to apply the aforementioned guidance: Inability to obtain evidence of the operating effectiveness of controls at the service organization.When the transactions or events subject to the internal controls at the service organization are material to the companys financial statements, and management is unable to obtain evidence about their operating effectiveness, the auditor ordinarily would determine that a material weakness exists. However, for example, if the servicing contract with the service organization was executed in 2001 (i.e., well before the existence of the SOA) and management already has negotiated with the service organization to provide a suitable type 2 SAS-70 report next year, the auditor might determine that management had fulfilled its responsibilities under AS-2. Accordingly, the auditor might be able to complete the audit of internal control over financial reporting. On the other hand, the auditor ordinarily would determine that management had not fulfilled its responsibilities under AS-2 in the following circumstances: (1) if management recently renewed its contract with the service organization but did not negotiate either an agreement about obtaining a suitable type 2 SAS-70 report or permission to test controls at the service organization; or (2) if the contract with the service organization is long-dated and management has not attempted to negotiate to obtain the necessary evidence of operating effectiveness of controls. Accordingly, in these circumstances, the auditor would be required to disclaim an opinion and would need to evaluate his or her additional responsibilities under AU Section 317 and under Section 10A of the Securities Exchange Act of 1934. Consolidation of variable interest entities. The SEC allows management to limit its assessment of internal control over financial reporting by excluding certain entities that are subject to consolidation under FASB Interpretation No. 46, Consolidation of Variable Interest Entitiesan Interpretation of ARB No. 51 (FIN-46). For example, management is permitted to exclude from the scope of its assessment the controls of an entity in existence prior to December 15, 2003, that is consolidated pursuant to FIN-46, for which the company does not have the right or authority to assess the controls and also lacks the ability to make that assessment. In such situations, according to AS-2, the auditor may limit the audit of internal control over financial reporting in the same manner and report without reference to the scope limitation. On the other hand, if management is unable to assess the controls of an entity consolidated pursuant to FIN-46 that came into existence subsequent to December 15, 2003, the auditor would conclude that a control deficiency exists; accordingly, if the consolidated variable interest entity is material to the companys financial statements, the auditor ordinarily would conclude that this represents a material weakness in internal control over financial reporting. Also, the auditor needs to determine whether management has fulfilled its responsibilities as described in paragraph 20 of AS-2. If the auditor determines that management has not fulfilled its responsibilities, the auditor is required to disclaim an opinion. Also, to the extent that management has willfully decided not to fulfill its responsibilities, the auditor may have additional responsibilities under AU Section 317 and under Section 10A of the Securities Exchange Act of 1934. Service Organizations By virtue of the requirement in AS-2 for the auditor to perform at least one walkthrough for each major class of transactions, if a service organizations services involve the processing of a major class of transactions, should the auditor perform walkthroughs at the service organization? AS-2 requires the auditor to perform at least one walkthrough for each major class of transactions. In a walkthrough, the auditor traces all types of company transactions and events: (1) from origination; (2) through the companys accounting, information, and financial reporting system; and (3) to their inclusion and disclosure in the companys financial statements. Because of the importance of walkthroughs and the fact that they accomplish several objectives, AS-2 specifically requires the auditor to: Perform walkthroughs in each annual audit of internal control over financial reporting; Perform the walkthroughs directly himself or herself (i.e., the auditor is precluded from delegating the performance of walkthroughs to others, e.g., to management or to the internal auditors); and Perform at least one walkthrough for each major class of transactions. If the processing of a major class of transactions involves the services of a service organization, the PCAOB staff advises that auditors would not have to perform walkthroughs at the service organization, as long as they were able to obtain sufficient evidence to achieve the objectives of the walkthrough by other means, for example through a service auditors report. In evaluating if the service auditors report provides evidence sufficient to achieve the objectives of a walkthrough, the PCAOB guidance indicates that auditors should follow the directions in paragraphs B21 to B24 of AS-2, which indicate: The auditor may obtain evidence about whether controls that are relevant to managements assessment and the auditors opinion are operating effectively by performing procedures, such as the following: Performing tests of the user organizations controls over the activities of the service organization (e.g., testing the user organizations independent performance of selected items processed by the service organization or testing the user organizations reconciliation of output reports with source documents). Performing tests of controls at the service organization. Obtaining a service auditors report on controls placed in operation and tests of operating effectiveness, or a report on the application of agreed-upon procedures that describes relevant tests of controls. If a service auditors report on controls placed in operation and tests of operating effectiveness is available, management and the auditor may evaluate whether this report provides sufficient evidence to support the assessment and opinion, respectively.In evaluating whether such a service auditors report provides sufficient evidence, management and the auditor should consider the following factors: The time period covered by the tests of controls and its relation to the date of managements assessment; The scope of the examination and applications covered, the controls tested,and the way in which tested controls relate to the companys controls; and The results of those tests of controls and the service auditors opinion on the operating effectiveness of the controls. If the service auditors report on controls placed in operation and tests of operating effectiveness contains a qualification that the stated control objectives might be achieved only if the company applies controls contemplated in the design of the system by the service organization, the auditor should evaluate whether the company is applying the necessary procedures. For example, completeness of processing payroll transactions might depend on the companys validation that all payroll records sent to the service organization were processed by checking a control total. In determining whether the service auditors report provides sufficient evidence to support managements assessment and the auditors opinion, management and the auditor should make inquiries concerning the service auditors reputation, competence, and independence. The auditor should refer to AU Section 543,Part of Audit Performed by Other Independent Auditors, for additional guidance. If the company auditor concludes that information is not available to obtain sufficient evidence to achieve the objectives of the walkthrough, he or she may: (1) consider contacting the service organization, through the user organization, to obtain specific information or to request that a service auditor be engaged to perform the procedures that will provide the necessary information; or (2) visit the service organization and perform the necessary procedures. Source:James E. Hunton, Auditing Internal Control Over Financial Reporting :University of Hawaii at Hilo. December 2004(12):100-107 译文： 财务报告的内部控制上市公司会计监督委员会（PCAOB）审计准则第2号，内部审计对财务报告与审计财务报表的控制，解决了所需要的内部控制审计财务报告工作和相关的财务报表的审计。由于使用发行的AS -2，审计师和其他各方提出的各种问题以及 AS- 2对有关问题的影响。要回答2004年6月23日办事处的问题， PCAOB的总审计师关于AS- 2的执行情况对发出的问题作出了相应的答案和形成对有关的问题的指导意见。参照2004年9月30日和2004年10月15日指导意见，PCAOB的工作人员更新发布在6月以前的服务问题，在大家共同探讨和研究的情况下，得出相关的指导意见，其中涉及到以下几个方面：审计师的独立性；审计范围和程序测试，评价的缺陷；审计地点的问题；冒用他人的工作和服务机构。2004年10月6日在回答其他问题，PCAOB的工作人员继续更新了六月发布，继续执行提高内部控制对财务报告审计。2004年10月PCAOB更新后发布新的额外的解释和执行问题的指导意见、行动范围和程序的测试，评价的不足以及相关的服务机构。PCAOB的工作人员对内部控制存在的现状得出的相关答案代表着PCAOB工作人员对执行标准问题的指导意见。他们的目的是通过实施他们的提出的相关标准来指导审计人员更好地执行好审计工作，保持独立性。然而，他们认为他们仅代表PCAOB对内部审计的一点见解，并不是权威。 测试的范围和程度 内部控制是否对财务报告的范围，因为它涉及到根据法律遵守和执行AS -2规定的情况下，在非盟第317条的情形包括更广泛的控制从而由客户端的引起非法行为？ 是的。非盟第317条，非法的客户行为，规定了审计人员考虑那些对财务报表金额的确定可能会产生直接和重大影响的法律和法规。然而，AS-2 15不使用“对财务报表金额的确定直接和重大影响。”一词，而是对AS-2第15款规定，业务和法律、法规直接相关的在会计报表介绍中披露的要求涵盖了对财务报告的内部控制。这在AS-2 15的规定包括：（一）非盟第317条，“直接材料”说明了与税法的影响和应计的会计期间确认