内部控制和审计风险(英文版)

1、更多企业学院：中小企业管理全能版183套讲座+89700份资料总经理、高层管理49套讲座+16388份资料中层管理学院46套讲座+6020份资料国学智慧、易经46套讲座人力资源学院56套讲座+27123份资料各阶段员工培训学院77套讲座+ 324份资料员工管理企业学院67套讲座+ 8720份资料工厂生产管理学院52套讲座+ 13920份资料财务管理学院53套讲座+ 17945份资料销售经理学院56套讲座+ 14350份资料销售人员培训学院72套讲座+ 4879份资料内部控制与审计风险（英）Chapter 1 General provisionsArticle 1This standard is

2、 prepared in accordance with the General Independent Auditing Standard“CPAs ) on the study andto establish standards for Certified Public Accountants (evaluation of an entity's internal controls in the audit of financial statements , to assessaudit risk , to improve audit efficiency and to ensur

3、e a high standard of professionalwork.Article 2The term " internal controls “ in this standard refers to the policies and proceduresformulated and implemented by an entity with a view to ensuring the efficient conduct ofthe business activities , safeguarding assets , preventing , detecting and

4、correcting errorand fraudand ensuring the truthfulnesslegitimacy and completeness of accountinginformation.Internal controls include the control environment， accounting systems and controlprocedures.Article 3The term “audit risk ” in this standard refers to the possibility of the CPAexpressing an in

5、appropriateaudit opinion after performing an audit ， when the financialstatementscontain material misstatements or omissions. Audit risk includes inherent risk ， control risk and detection risk.Article 4Unless otherwise specified ， CPAs should refer to this standard in performing audit work other th

6、an the audit of financial statements.Chapter 2 General principlesArticle 5Whenpreparing the audit plan ， the CPAshould study and evaluate the entity's internal controls.Article 6which are intendedThe CPAshould perform compliance tests on any internal controls to be relied upon ， to determine the

7、 impact on the nature ， timing and extent of the substantive tests.Article 7The CPA should maintain professional scepticism ， apply professional judgement reasonably to assess the audit risk and to design and perform relevant audit procedures in order to reduce the audit risk to an acceptable level.

8、Article 8The CPAshould document the work carried out and the results of the study and evaluation of the internal controls and the assessment of the audit risk in the audit working papers.Chapter 3 Internal controlsArticle 9It is the accounting responsibility of the entity's management to establi

9、sh sound internal controls. The relevant internal controls should generally：(1) ensure that business activities are conducted in accordance with appropriate authorization;(2) ensure that all transactions and events are promptly recorded at the correctamount， in the appropriate accounts and in the pr

10、oper accounting period， to enablepreparation of financial statements in accordance with the relevant requirements of theaccounting standards;(3) ensure that access to and handling of assets and records are permitted only in accordance with appropriate authorization; and(4) ensure that assets recorde

11、d are reconciled with the physical assets at regular intervals.Article 10When determining the reliability of internal controls， the CPA should maintainprofessional scepticism and pay adequate attention to the following inherent limitations of internal controls ：(1) The design and implementation of i

12、nternal controls are restricted by the principle of cost and benefit;(2) Internal controls tend to be directed at routine business activities;(3) Even perfectly designed internal controls maynot operate effectively due to humancarelessnessdistractionmis-judgement and the misunderstanding of instruct

13、ions;(4) Internal controls may be circumvented through the collusion by relevant persons with parties inside or outside the entity;(5) Internal controls may be circumvented when a person responsible for exercising an internal control abuses that responsibility or submits to external pressure; and(6)

14、 Internal controls may deteriorate or become ineffective due to changes in the operating environment and the nature of the business.Article 11When preparing the audit plan ， the CPA should understand the design and operating conditions of the entity's internal controls.Whendetermining the nature

15、 ， timing and extent of the audit procedures which should be performed to understand the internal controls， the CPA should mainly consider thefollowing factors ：(1) the size and business complexity of the entity;(2) the type and complexity of the entity's data processing system;(3) audit materia

16、lity;(4) the type of relevant internal controls;(5) the documentation of relevant internal controls; and(6) the result of the assessment of inherent risk.Article 12In understanding the internal controls ， the CPAshould makereasonable use of previous audit experience. With regard to significant inter

17、nal controls， generally the CPA mayalso perform the following procedures ：(1) makeenquiries of the entity's relevant persons and inspect the relevant internal control documentation;(2) inspect the documents and records generated by the internal controls;(3) observe the entity's business acti

18、vities and the operating conditions of the internal controls; and(4) choose certain typical transactions and events and perform walkthrough tests on them.Article 13The CPAshould obtain and understanding of the control environment sufficient to assess the attitudes ， awareness and actions of the enti

19、ty's management regarding internal controls and their importance.Major factors affecting the control environment include(1) philosophy ， methods and style of management;(2) organisational structure and methods of assigning authority and responsibility; and(3) the control system.Article 14The CPA

20、should obtain an understanding of the accounting system sufficient to identify and understand ：(1) the major classes of transactions and activities of the entity;(2) how major classes of transactions and activities are initiated;(3) significant supporting documents， accounting records and items in t

21、he financial statements; and(4) the accounting and financial reporting process for significant transactions and events.The CPAshouldby the internalThe CPA should obtain an understanding of the following major control procedures sufficient to determine the relevant audit procedures reasonably(1) the

22、authorisation of transactions;(2) the assignment of responsibility;(3) the control of supporting documents and records;(4) access to assets and use of records; and(5) any independent checking.Article 15Internal audit is an important component of the entity's control system. consider the followin

23、g factors when studying and evaluating the quality of the internal audit work to determine whether to rely on the results of the internal audit work(1) the independence of the internal auditors;(2) the experience and competence of the internal auditors;(3) the nature ， timing and extent of the inter

24、nal audit procedures;(4) the sufficiency and appropriateness of the audit evidence obtained auditors; and(5) the merit placed on the internal audit work by the management.Article 16The CPAmayuse various methods such as narrative descriptions ， questionnaires ， check lists ， flow charts etc. to under

25、stand and evaluate internal controls and should include them in the audit working papers.Article 17The CPAshould inform the entity's managementof material internal control weaknesses identified during the audit. If necessary， a management letter may be issued.Article 18 Audit riskArticle 19In de

26、veloping the overall audit plan ， the CPA should assess inherent risk at the financial statement level. Inherent risk refers to the susceptibility of an account balance ， or class of transactions ， to material misstatements or omissions ， either individually or when aggregated with misstatements or

27、omissions in other account balances or classes of transactions ， assuming that there were no relevant internal controls.In developing the detailed audit planthe CPA should consider the impact of theassessment of inherent risk on the material account balances or classes of transactionsat the assertio

28、n level ， or directlyassume that inherent risk is high for the assertion.Article 20The CPAshould exercise professional judgement reasonably and consider the following factors when assessing inherent risk ：(1) the integrity and competence of management;(2) any changes in management ， especially the f

29、inancial staff;(3) any unusual pressures on management;(4) the nature of business;(5) the circumstances and factors affecting the industry in which the entity operates;(6) financial statement items likely to be susceptible to misstatements;(7) the complexity of important transactions and events whic

30、h might require using the work of an expert;(8) the degree of estimation and judgement involved in determining account balances;(9) the susceptibility of assets to loss or misappropriation;(10) the occurrence of unusual or complex transactions during the accounting period ，particularly near the acco

31、unting period end; and(11) the susceptibility of transactions and events to omissions in the routine accounting process.Article 21After understanding the internal controls and assessing inherent risk ， the CPAshould makea preliminary assessment of control risk ， at the assertion level ， for each mat

32、erial account balance or class of transactions. Control risk refers to the possibility that a misstatement or omission that could occur in an account balance or class of transactions ，either individually or when aggregated with misstatements or omissions in other account the internal controls.balanc

33、es or classes of transactionswill not be preventeddetected or corrected byArticle 22The CPA should assess the control risk of material account balances or classes of transactions at a high level ， for someor all assertions ， when one or more of the following situations occurs(1) the entity's int

34、ernal controls are not effective;(2) it is difficult for the CPA to assess the effectiveness of internal controls; or(3) the CPA does not plan to perform compliance tests.Article 23When making a preliminary assessment of control risk for a financial statement assertion ， the CPA should not assess th

35、e control risk at a high level when：(1) relevant internal controls are likely to prevent， detect or correct materialmisstatements or omissions; and(2) the CPA plans to perform compliance tests.Article 25if the CPA plans to rely on the internal controls， he should perform complianceprocedures to asse

36、ss the control risk. The lower the preliminary assessment of controlrisk ， the more evidence the CPAshould obtain to show that internal controls are suitably designed and operating effectively.Article 26The CPA may perform the following compliance procedures ：(1) inspection of documents supporting t

37、ransactions and events;(2) enquiries aboutand observation ofinternal control operations which leaveno audit trail; and(3) reperformance of relevant internal control procedures.Article 27When one or more of the following situations occurs， the CPA may directly performsubstantive procedures without pe

38、rforming compliance tests：(1) the relevant internal controls do not exist;(2) even though the relevant internal controls exist ， the CPA， through preliminary study ， discovers that the internal controls do not operate effectively; or(3) compliance tests require more work than the reduction of substa

39、ntive tests that would have been achieved by performing compliance tests.Article 28Based on the results of the compliance tests ， the CPAshould assess whether the design and operation of the internal controls are in line with the conclusion drawn from the preliminary assessment of control risk. If t

40、here are discrepancies， the assessed levelof control risk should be revised and the nature， timing and extent of substantiveprocedures should be modified accordingly.Article 29In a continuing engagement ， the CPA may make use of the information relating to the study and evaluation of internal contro

41、ls obtained in prior periods， but will need toupdate it.Article 30The CPA should understand whether the internal controls were applied consistently throughout the accounting period being audited. If there were obvious changes， the CPAshould consider testing them separately.Article 31If compliance te

42、sts have been performed in the interim audit ， the CPA， before deciding to rely entirely on their results ， should consider the following factors to obtain further audit evidence for the period between interim period end and final period end：(1) the conclusion drawn from the compliance tests in the

43、interim audit;(2) the length of the remaining period after the interim audit;(3) any changes in internal controls after the interim audit;(4) the nature and amount of the transactions and activities which occurred after the interim audit; and(5) the substantive procedures to be performed.Article 32B

44、efore concluding the audit ， the CPA should ， based on the results of substantive tests and other audit evidence ， make a final assessment of the control risk and check whether it is in line with the conclusion drawn from the preliminary assessment of the risk. If not ， the CPAshould consider whethe

45、r additional relevant audit procedures should be performed.Article 33As control risk and inherent risk are related， the CPA should make an overallassessment of inherent risk and control risk， and use the result as the basis for theassessment of detection risk.Detection risk refers to the possibility that substantive tests will not detect a misstatement or