内部控制与审计风险(英) Chapter1Generalprovisions Article1 ThisstandardispreparedinaccordancewiththeGeneralIndependentAuditingStandardtoestablishstandardsforCertifiedPublicAccountants(“CPAs”)onthestudyandevaluationofanentity'sinternalcontrolsintheauditoffinancialstatements,toassessauditrisk,toimproveauditefficiencyandtoensureahighstandardofprofessionalwork. Article2 Theterm“internalcontrols”inthisstandardreferstothepoliciesandproceduresformulatedandimplementedbyanentitywithaviewtoensuringtheefficientconductofthebusinessactivities,safeguardingassets,preventing,detectingandcorrectingerrorandfraud,andensuringthetruthfulness,legitimacyandcompletenessofaccountinginformation. Internalcontrolsincludethecontrolenvironment,accountingsystemsandcontrolprocedures. Article3 Theterm“auditrisk”inthisstandardreferstothepossibilityoftheCPAexpressinganinappropriateauditopinionafterperforminganaudit,whenthefinancialstatementscontainmaterialmisstatementsoromissions.Auditriskincludesinherentrisk,controlriskanddetectionrisk. Article4 Unlessotherwisespecified,CPAsshouldrefertothisstandardinperformingauditworkotherthantheauditoffinancialstatements. Chapter2Generalprinciples Article5 Whenpreparingtheauditplan,theCPAshouldstudyandevaluatetheentity'sinternalcontrols. Article6 TheCPAshouldperformcompliancetestsonanyinternalcontrols,whichareintendedtobereliedupon,todeterminetheimpactonthenature,timingandextentofthesubstantivetests. Article7 TheCPAshouldmaintainprofessionalscepticism,applyprofessionaljudgementreasonablytoassesstheauditriskandtodesignandperformrelevantauditproceduresinordertoreducetheauditrisktoanacceptablelevel. Article8 TheCPAshoulddocumenttheworkcarriedoutandtheresultsofthestudyandevaluationoftheinternalcontrolsandtheassessmentoftheauditriskintheauditworkingpapers. Chapter3Internalcontrols Article9 Itistheaccountingresponsibilityoftheentity'smanagementtoestablishsoundinternalcontrols.Therelevantinternalcontrolsshouldgenerally: (1)ensurethatbusinessactivitiesareconductedinaccordancewithappropriateauthorization; (2)ensurethatalltransactionsandeventsarepromptlyrecordedatthecorrectamount,intheappropriateaccountsandintheproperaccountingperiod,toenablepreparationoffinancialstatementsinaccordancewiththerelevantrequirementsoftheaccountingstandards; (3)ensurethataccesstoandhandlingofassetsandrecordsarepermittedonlyinaccordancewithappropriateauthorization;and (4)ensurethatassetsrecordedarereconciledwiththephysicalassetsatregularintervals. Article10 Whendeterminingthereliabilityofinternalcontrols,theCPAshouldmaintainprofessionalscepticismandpayadequateattentiontothefollowinginherentlimitationsofinternalcontrols: (1)Thedesignandimplementationofinternalcontrolsarerestrictedbytheprincipleofcostandbenefit; (2)Internalcontrolstendtobedirectedatroutinebusinessactivities; (3)Evenperfectlydesignedinternalcontrolsmaynotoperateeffectivelyduetohumancarelessness,distraction,mis-judgementandthemisunderstandingofinstructions; (4)Internalcontrolsmaybecircumventedthroughthecollusionbyrelevantpersonswithpartiesinsideoroutsidetheentity; (5)Internalcontrolsmaybecircumventedwhenapersonresponsibleforexercisinganinternalcontrolabusesthatresponsibilityorsubmitstoexternalpressure;and (6)Internalcontrolsmaydeteriorateorbecomeineffectiveduetochangesintheoperatingenvironmentandthenatureofthebusiness. Article11 Whenpreparingtheauditplan,theCPAshouldunderstandthedesignandoperatingconditionsoftheentity'sinternalcontrols. Whendeterminingthenature,timingandextentoftheauditprocedureswhichshouldbeperformedtounderstandtheinternalcontrols,theCPAshouldmainlyconsiderthefollowingfactors: (1)thesizeandbusinesscomplexityoftheentity; (2)thetypeandcomplexityoftheentity'sdataprocessingsystem; (3)auditmateriality; (4)thetypeofrelevantinternalcontrols; (5)thedocumentationofrelevantinternalcontrols;and (6)theresultoftheassessmentofinherentrisk. Article12 Inunderstandingtheinternalcontrols,theCPAshouldmakereasonableuseofpreviousauditexperience.Withregardtosignificantinternalcontrols,generallytheCPAmayalsoperformthefollowingprocedures: (1)makeenquiriesoftheentity'srelevantpersonsandinspecttherelevantinternalcontroldocumentation; (2)inspectthedocumentsandrecordsgeneratedbytheinternalcontrols; (3)observetheentity'sbusinessactivitiesandtheoperatingconditionsoftheinternalcontrols;and (4)choosecertaintypicaltransactionsandeventsandperformwalkthroughtestsonthem. Article13 TheCPAshouldobtainandunderstandingofthecontrolenvironmentsufficienttoassesstheattitudes,awarenessandactionsoftheentity'smanagementregardinginternalcontrolsandtheirimportance. Majorfactorsaffectingthecontrolenvironmentinclude: (1)philosophy,methodsandstyleofmanagement; (2)organisationalstructureandmethodsofassigningauthorityandresponsibility;and (3)thecontrolsystem. Article14 TheCPAshouldobtainanunderstandingoftheaccountingsystemsufficienttoidentifyandunderstand: (1)themajorclassesoftransactionsandactivitiesoftheentity; (2)howmajorclassesoftransactionsandactivitiesareinitiated; (3)significantsupportingdocuments,accountingrecordsanditemsinthefinancialstatements;and (4)theaccountingandfinancialreportingprocessforsignificanttransactionsandevents. Article15 TheCPAshouldobtainanunderstandingofthefollowingmajorcontrolproceduressufficienttodeterminetherelevantauditproceduresreasonably: (1)theauthorisationoftransactions; (2)theassignmentofresponsibility; (3)thecontrolofsupportingdocumentsandrecords; (4)accesstoassetsanduseofrecords;and (5)anyindependentchecking. Article16 Internalauditisanimportantcomponentoftheentity'scontrolsystem.TheCPAshouldconsiderthefollowingfactorswhenstudyingandevaluatingthequalityoftheinternalauditworktodeterminewhethertorelyontheresultsoftheinternalauditwork: (1)theindependenceoftheinternalauditors; (2)theexperienceandcompetenceoftheinternalauditors; (3)thenature,timingandextentoftheinternalauditprocedures; (4)thesufficiencyandappropriatenessoftheauditevidenceobtainedbytheinternalauditors;and (5)themeritplacedontheinternalauditworkbythemanagement. Article17 TheCPAmayusevariousmethodssuchasnarrativedescriptions,questionnaires,checklists,flowchartsetc.tounderstandandevaluateinternalcontrolsandshouldincludethemintheauditworkingpapers. Article18 TheCPAshouldinformtheentity'smanagementofmaterialinternalcontrolweaknessesidentifiedduringtheaudit.Ifnecessary,amanagementlettermaybeissued. Chapter4Auditrisk Article19 Indevelopingtheoverallauditplan,theCPAshouldassessinherentriskatthefinancialstatementlevel.Inherentriskreferstothesusceptibilityofanaccountbalance,orclassoftransactions,tomaterialmisstatementsoromissions,eitherindividuallyorwhenaggregatedwithmisstatementsoromissionsinotheraccountbalancesorclassesoftransactions,assumingthattherewerenorelevantinternalcontrols. Article20 Indevelopingthedetailedauditplan,theCPAshouldconsidertheimpactoftheassessmentofinherentriskonthematerialaccountbalancesorclassesoftransactionsattheassertionlevel,ordirectlyassumethatinherentriskishighfortheassertion. Article21 TheCPAshouldexerciseprofessionaljudgementreasonablyandconsiderthefollowingfactorswhenassessinginherentrisk: (1)theintegrityandcompetenceofmanagement; (2)anychangesinmanagement,especiallythefinancialstaff; (3)anyunusualpressuresonmanagement; (4)thenatureofbusiness; (5)thecircumstancesandfactorsaffectingtheindustryinwhichtheentityoperates; (6)financialstatementitemslikelytobesusceptibletomisstatements; (7)thecomplexityofimportanttransactionsandeventswhichmightrequireusingtheworkofanexpert; (8)thedegreeofestimationandjudgementinvolvedindeterminingaccountbalances; (9)thesusceptibilityofassetstolossormisappropriation; (10)theoccurrenceofunusualorcomplextransactionsduringtheaccountingperiod,particularlyneartheaccountingperiodend;and (11)thesusceptibilityoftransactionsandeventstoomissionsintheroutineaccountingprocess. Article22 Afterunderstandingtheinternalcontrolsandassessinginherentrisk,theCPAshouldmakeapreliminaryassessmentofcontrolrisk,attheassertionlevel,foreachmaterialaccountbalanceorclassoftransactions.Controlriskreferstothepossibilitythatamisstatementoromissionthatcouldoccurinanaccountbalanceorclassoftransactions,eitherindividuallyorwhenaggregatedwithmisstatementsoromissionsinotheraccountbalancesorclassesoftransactions,willnotbeprevented,detectedorcorrectedbytheinternalcontrols. Article23 TheCPAshouldassessthecontrolriskofmaterialaccountbalancesorclassesoftransactionsatahighlevel,forsomeorallassertions,whenoneormoreofthefollowingsituationsoccurs: (1)theentity'sinternalcontrolsarenoteffective; (2)itisdifficultfortheCPAtoassesstheeffectivenessofinternalcontrols;or (3)theCPAdoesnotplantoperformcompliancetests. Article24 Whenmakingapreliminaryassessmentofcontrolriskforafinancialstatementassertion,theCPAshouldnotassessthecontrolriskatahighlevelwhen: (1)relevantinternalcontrolsarelikelytoprevent,detectorcorrectmaterialmisstatementsoromissions;and (2)theCPAplanstoperformcompliancetests. Article25 iftheCPAplanstorelyontheinternalcontrols,heshouldperformcomplianceprocedurestoassessthecontrolrisk.Thelowerthepreliminaryassessmentofcontrolrisk,themoreevidencetheCPAshouldobtaintoshowthatinternalcontrolsaresuitablydesignedandoperatingeffectively. Article26 TheCPAmayperformthefollowingcomplianceprocedures: (1)inspectionofdocumentssupportingtransactionsandevents; (2)enquiriesabout,andobservationof,internalcontroloperationswhichleavenoaudittrail;and (3)reperformanceofrelevantinternalcontrolprocedures. Article27 Whenoneormoreofthefollowingsituationsoccurs,theCPAmaydirectlyperformsubstantiveprocedureswithoutperformingcompliancetests: (1)therelevantinternalcontrolsdonotexist; (2)eventhoughtherelevantinternalcontrolsexist,theCPA,throughpreliminarystudy,discoversthattheinternalcontrolsdonotoperateeffectively;or (3)compliancetestsrequiremoreworkthanthereductionofsubstantiveteststhatwouldhavebeenachievedbyperformingcompliancetests. Article28 Basedontheresultsofthecompliancetests,theCPAshouldassesswhetherthedesignandoperationoftheinternalcontrolsareinlinewiththeconclusiondrawnfromthepreliminaryassessmentofcontrolrisk.Iftherearediscrepancies,theassessedlevelofcontrolriskshouldberevisedandthenature,timingandextentofsubstantiveproceduresshouldbemodifiedaccordingly. Article29 Inacontinuingengagement,theCPAmaymakeuseoftheinformationrelatingtothestudyandevaluationofinternalcontrolsobtainedinpriorperiods,butwillneedtoupdateit. Article30 TheCPAshouldunderstandwhethertheinternalcontrolswereappliedconsistentlythroughouttheaccountingperiodbeingaudited.Iftherewereobviouschanges,theCPAshouldconsidertestingthemseparately. Article31 Ifcompliancetestshavebeenperformedintheinterimaudit,theCPA,beforedecidingtorelyentirelyontheirresults,shouldconsiderthefollowingfactorstoobtainfurtherauditevidencefortheperiodbetweeninterimperiodendandfinalperiodend: (1)theconclusiondrawnfromthecompliancetestsintheinterimaudit; (2)thelengthoftheremainingperiodaftertheinterimaudit; (3)anychangesininternalcontrolsaftertheinterimaudit; (4)thenatureandamountofthetransactionsandactivitieswhichoccurredaftertheinterimaudit;and (5)thesubstantiveprocedurestobeperformed. Article32 Beforeconcludingtheaudit,theCPAshould,basedontheresultsofsubstantivetestsandotherauditevidence,makeafinalassessmentofthecontrolriskandcheckwhetheritisinlinewiththeconclusiondrawnfromthepreliminaryassessmentoftherisk.Ifnot,theCPAshouldconsiderwhetheradditionalrelevantauditproceduresshouldbeperformed. Article33 Ascontrolriskandinherentriskarerelated,theCPAshouldmakeanoverallassessmentofinherentriskandcontrolrisk,andusetheresultasthebasisfortheassessmentofdetectionrisk. Detectionriskreferstothepossibilitythatsubstantivetestswillnotdetectamisstatementoromissionthatexistsinanaccountbalanceorclassoftransactionsthatcouldbematerial,eitherindividuallyorwhenaggregatedwithmisstatementsoromissionsinotheraccountbalancesorclassesoftransactions. Theassessmentofinherentriskandcontrolriskhasadirectimpactontheassessmentofdetectionrisk.Forhigherlevelsofinherentriskandcontrolrisk,theCPAshouldperformmoredetailedsubstantiveproceduresandshouldalsoconsidertheirnature,timingandextenttoreducethedetectionrisktoanacceptablelevel. Article34 Regardlessoftheresultoftheassessmentofinherentriskandcontrolrisk,theCPAshouldperformsubstantivetestsonallmaterialaccountbalancesorclassesoftransactions. Article35 If,afterperformingrelevantauditprocedures,theCPAstillbelievesthatdetectionriskregardinganassertionforamaterialaccountbalanceorclassoftransactionscannotbereducedtoanacceptablelevel,theCPAshouldexpressaqualifiedopinionoradisclaimerofopinion. Article36 Theinternalcontrolsinsmallbusinessesareusuallyweaker,resultinginhigherinherentriskandcontrolrisk.TheCPAshouldheavilyorentirelyrelyonsubstantiveprocedurestoobtainauditevidenceinordertoreducethedetectionrisktoanacceptablelevel. Chapter5Supplementaryprovisions Article37 TheChineseInstituteofCertifiedPublicAccountantsisresponsiblefortheinterpretationofthisstandard. Article38 Thisstandardtakeseffectfrom1January1997.
本文档为【内部控制与审计风险(英)】,请使用软件OFFICE或WPS软件打开。作品中的文字与图均可以修改和编辑,
图片更改请在作品中右键图片并更换,文字修改请直接点击文字进行修改,也可以新增和删除文档中的内容。
该文档来自用户分享,如有侵权行为请发邮件ishare@vip.sina.com联系网站客服,我们会及时删除。
[版权声明] 本站所有资料为用户分享产生,若发现您的权利被侵害,请联系客服邮件isharekefu@iask.cn,我们尽快处理。
本作品所展示的图片、画像、字体、音乐的版权可能需版权方额外授权,请谨慎使用。
网站提供的党政主题相关内容(国旗、国徽、党徽..)目的在于配合国家政策宣传,仅限个人学习分享使用,禁止用于任何广告和商用目的。