内部控制与审计风险(英)

内部控制与审计风险（英）　　Chapter1Generalprovisions　　Article1　　ThisstandardispreparedinaccordancewiththeGeneralIndependentAuditingStandardtoestablishstandardsforCertifiedPublicAccountants(“CPAs”)onthestudyandevaluationofanentity'sinternalcontrolsintheauditoffinancialstatements，toassessauditrisk，toimproveauditefficiencyandtoensureahighstandardofprofessionalwork.　　Article2　　Theterm“internalcontrols”inthisstandardreferstothepoliciesandproceduresformulatedandimplementedbyanentitywithaviewtoensuringtheefficientconductofthebusinessactivities，safeguardingassets，preventing，detectingandcorrectingerrorandfraud，andensuringthetruthfulness，legitimacyandcompletenessofaccountinginformation.　　Internalcontrolsincludethecontrolenvironment，accountingsystemsandcontrolprocedures.　　Article3　　Theterm“auditrisk”inthisstandardreferstothepossibilityoftheCPAexpressinganinappropriateauditopinionafterperforminganaudit，whenthefinancialstatementscontainmaterialmisstatementsoromissions.Auditriskincludesinherentrisk，controlriskanddetectionrisk.　　Article4　　Unlessotherwisespecified，CPAsshouldrefertothisstandardinperformingauditworkotherthantheauditoffinancialstatements.　　Chapter2Generalprinciples　　Article5　　Whenpreparingtheauditplan，theCPAshouldstudyandevaluatetheentity'sinternalcontrols.　　Article6　　TheCPAshouldperformcompliancetestsonanyinternalcontrols，whichareintendedtobereliedupon，todeterminetheimpactonthenature，timingandextentofthesubstantivetests.　　Article7　　TheCPAshouldmaintainprofessionalscepticism，applyprofessionaljudgementreasonablytoassesstheauditriskandtodesignandperformrelevantauditproceduresinordertoreducetheauditrisktoanacceptablelevel.　　Article8　　TheCPAshoulddocumenttheworkcarriedoutandtheresultsofthestudyandevaluationoftheinternalcontrolsandtheassessmentoftheauditriskintheauditworkingpapers.　　Chapter3Internalcontrols　　Article9　　Itistheaccountingresponsibilityoftheentity'smanagementtoestablishsoundinternalcontrols.Therelevantinternalcontrolsshouldgenerally：　　(1)ensurethatbusinessactivitiesareconductedinaccordancewithappropriateauthorization;　　(2)ensurethatalltransactionsandeventsarepromptlyrecordedatthecorrectamount，intheappropriateaccountsandintheproperaccountingperiod，toenablepreparationoffinancialstatementsinaccordancewiththerelevantrequirementsoftheaccountingstandards;　　(3)ensurethataccesstoandhandlingofassetsandrecordsarepermittedonlyinaccordancewithappropriateauthorization;and　　(4)ensurethatassetsrecordedarereconciledwiththephysicalassetsatregularintervals.　　Article10　　Whendeterminingthereliabilityofinternalcontrols，theCPAshouldmaintainprofessionalscepticismandpayadequateattentiontothefollowinginherentlimitationsofinternalcontrols：　　(1)Thedesignandimplementationofinternalcontrolsarerestrictedbytheprincipleofcostandbenefit;　　(2)Internalcontrolstendtobedirectedatroutinebusinessactivities;　　(3)Evenperfectlydesignedinternalcontrolsmaynotoperateeffectivelyduetohumancarelessness，distraction，mis-judgementandthemisunderstandingofinstructions;　　(4)Internalcontrolsmaybecircumventedthroughthecollusionbyrelevantpersonswithpartiesinsideoroutsidetheentity;　　(5)Internalcontrolsmaybecircumventedwhenapersonresponsibleforexercisinganinternalcontrolabusesthatresponsibilityorsubmitstoexternalpressure;and　　(6)Internalcontrolsmaydeteriorateorbecomeineffectiveduetochangesintheoperatingenvironmentandthenatureofthebusiness.　　Article11　　Whenpreparingtheauditplan，theCPAshouldunderstandthedesignandoperatingconditionsoftheentity'sinternalcontrols.　　Whendeterminingthenature，timingandextentoftheauditprocedureswhichshouldbeperformedtounderstandtheinternalcontrols，theCPAshouldmainlyconsiderthefollowingfactors：　　(1)thesizeandbusinesscomplexityoftheentity;　　(2)thetypeandcomplexityoftheentity'sdataprocessingsystem;　　(3)auditmateriality;　　(4)thetypeofrelevantinternalcontrols;　　(5)thedocumentationofrelevantinternalcontrols;and　　(6)theresultoftheassessmentofinherentrisk.　　Article12　　Inunderstandingtheinternalcontrols，theCPAshouldmakereasonableuseofpreviousauditexperience.Withregardtosignificantinternalcontrols，generallytheCPAmayalsoperformthefollowingprocedures：　　(1)makeenquiriesoftheentity'srelevantpersonsandinspecttherelevantinternalcontroldocumentation;　　(2)inspectthedocumentsandrecordsgeneratedbytheinternalcontrols;　　(3)observetheentity'sbusinessactivitiesandtheoperatingconditionsoftheinternalcontrols;and　　(4)choosecertaintypicaltransactionsandeventsandperformwalkthroughtestsonthem.　　Article13　　TheCPAshouldobtainandunderstandingofthecontrolenvironmentsufficienttoassesstheattitudes，awarenessandactionsoftheentity'smanagementregardinginternalcontrolsandtheirimportance.　　Majorfactorsaffectingthecontrolenvironmentinclude：　　(1)philosophy，methodsandstyleofmanagement;　　(2)organisationalstructureandmethodsofassigningauthorityandresponsibility;and　　(3)thecontrolsystem.　　Article14　　TheCPAshouldobtainanunderstandingoftheaccountingsystemsufficienttoidentifyandunderstand：　　(1)themajorclassesoftransactionsandactivitiesoftheentity;　　(2)howmajorclassesoftransactionsandactivitiesareinitiated;　　(3)significantsupportingdocuments，accountingrecordsanditemsinthefinancialstatements;and　　(4)theaccountingandfinancialreportingprocessforsignificanttransactionsandevents.　　Article15　　TheCPAshouldobtainanunderstandingofthefollowingmajorcontrolproceduressufficienttodeterminetherelevantauditproceduresreasonably：　　(1)theauthorisationoftransactions;　　(2)theassignmentofresponsibility;　　(3)thecontrolofsupportingdocumentsandrecords;　　(4)accesstoassetsanduseofrecords;and　　(5)anyindependentchecking.　　Article16　　Internalauditisanimportantcomponentoftheentity'scontrolsystem.TheCPAshouldconsiderthefollowingfactorswhenstudyingandevaluatingthequalityoftheinternalauditworktodeterminewhethertorelyontheresultsoftheinternalauditwork：　　(1)theindependenceoftheinternalauditors;　　(2)theexperienceandcompetenceoftheinternalauditors;　　(3)thenature，timingandextentoftheinternalauditprocedures;　　(4)thesufficiencyandappropriatenessoftheauditevidenceobtainedbytheinternalauditors;and　　(5)themeritplacedontheinternalauditworkbythemanagement.　　Article17　　TheCPAmayusevariousmethodssuchasnarrativedescriptions，questionnaires，checklists，flowchartsetc.tounderstandandevaluateinternalcontrolsandshouldincludethemintheauditworkingpapers.　　Article18　　TheCPAshouldinformtheentity'smanagementofmaterialinternalcontrolweaknessesidentifiedduringtheaudit.Ifnecessary，amanagementlettermaybeissued.　　Chapter4Auditrisk　　Article19　　Indevelopingtheoverallauditplan，theCPAshouldassessinherentriskatthefinancialstatementlevel.Inherentriskreferstothesusceptibilityofanaccountbalance，orclassoftransactions，tomaterialmisstatementsoromissions，eitherindividuallyorwhenaggregatedwithmisstatementsoromissionsinotheraccountbalancesorclassesoftransactions，assumingthattherewerenorelevantinternalcontrols.　　Article20　　Indevelopingthedetailedauditplan，theCPAshouldconsidertheimpactoftheassessmentofinherentriskonthematerialaccountbalancesorclassesoftransactionsattheassertionlevel，ordirectlyassumethatinherentriskishighfortheassertion.　　Article21　　TheCPAshouldexerciseprofessionaljudgementreasonablyandconsiderthefollowingfactorswhenassessinginherentrisk：　　(1)theintegrityandcompetenceofmanagement;　　(2)anychangesinmanagement，especiallythefinancialstaff;　　(3)anyunusualpressuresonmanagement;　　(4)thenatureofbusiness;　　(5)thecircumstancesandfactorsaffectingtheindustryinwhichtheentityoperates;　　(6)financialstatementitemslikelytobesusceptibletomisstatements;　　(7)thecomplexityofimportanttransactionsandeventswhichmightrequireusingtheworkofanexpert;　　(8)thedegreeofestimationandjudgementinvolvedindeterminingaccountbalances;　　(9)thesusceptibilityofassetstolossormisappropriation;　　(10)theoccurrenceofunusualorcomplextransactionsduringtheaccountingperiod，particularlyneartheaccountingperiodend;and　　(11)thesusceptibilityoftransactionsandeventstoomissionsintheroutineaccountingprocess.　　Article22　　Afterunderstandingtheinternalcontrolsandassessinginherentrisk，theCPAshouldmakeapreliminaryassessmentofcontrolrisk，attheassertionlevel，foreachmaterialaccountbalanceorclassoftransactions.Controlriskreferstothepossibilitythatamisstatementoromissionthatcouldoccurinanaccountbalanceorclassoftransactions，eitherindividuallyorwhenaggregatedwithmisstatementsoromissionsinotheraccountbalancesorclassesoftransactions，willnotbeprevented，detectedorcorrectedbytheinternalcontrols.　　Article23　　TheCPAshouldassessthecontrolriskofmaterialaccountbalancesorclassesoftransactionsatahighlevel，forsomeorallassertions，whenoneormoreofthefollowingsituationsoccurs：　　(1)theentity'sinternalcontrolsarenoteffective;　　(2)itisdifficultfortheCPAtoassesstheeffectivenessofinternalcontrols;or　　(3)theCPAdoesnotplantoperformcompliancetests.　　Article24　　Whenmakingapreliminaryassessmentofcontrolriskforafinancialstatementassertion，theCPAshouldnotassessthecontrolriskatahighlevelwhen：　　(1)relevantinternalcontrolsarelikelytoprevent，detectorcorrectmaterialmisstatementsoromissions;and　　(2)theCPAplanstoperformcompliancetests.　　Article25　　iftheCPAplanstorelyontheinternalcontrols，heshouldperformcomplianceprocedurestoassessthecontrolrisk.Thelowerthepreliminaryassessmentofcontrolrisk，themoreevidencetheCPAshouldobtaintoshowthatinternalcontrolsaresuitablydesignedandoperatingeffectively.　　Article26　　TheCPAmayperformthefollowingcomplianceprocedures：　　(1)inspectionofdocumentssupportingtransactionsandevents;　　(2)enquiriesabout，andobservationof，internalcontroloperationswhichleavenoaudittrail;and　　(3)reperformanceofrelevantinternalcontrolprocedures.　　Article27　　Whenoneormoreofthefollowingsituationsoccurs，theCPAmaydirectlyperformsubstantiveprocedureswithoutperformingcompliancetests：　　(1)therelevantinternalcontrolsdonotexist;　　(2)eventhoughtherelevantinternalcontrolsexist，theCPA，throughpreliminarystudy，discoversthattheinternalcontrolsdonotoperateeffectively;or　　(3)compliancetestsrequiremoreworkthanthereductionofsubstantiveteststhatwouldhavebeenachievedbyperformingcompliancetests.　　Article28　　Basedontheresultsofthecompliancetests，theCPAshouldassesswhetherthedesignandoperationoftheinternalcontrolsareinlinewiththeconclusiondrawnfromthepreliminaryassessmentofcontrolrisk.Iftherearediscrepancies，theassessedlevelofcontrolriskshouldberevisedandthenature，timingandextentofsubstantiveproceduresshouldbemodifiedaccordingly.　　Article29　　Inacontinuingengagement，theCPAmaymakeuseoftheinformationrelatingtothestudyandevaluationofinternalcontrolsobtainedinpriorperiods，butwillneedtoupdateit.　　Article30　　TheCPAshouldunderstandwhethertheinternalcontrolswereappliedconsistentlythroughouttheaccountingperiodbeingaudited.Iftherewereobviouschanges，theCPAshouldconsidertestingthemseparately.　　Article31　　Ifcompliancetestshavebeenperformedintheinterimaudit，theCPA，beforedecidingtorelyentirelyontheirresults，shouldconsiderthefollowingfactorstoobtainfurtherauditevidencefortheperiodbetweeninterimperiodendandfinalperiodend：　　(1)theconclusiondrawnfromthecompliancetestsintheinterimaudit;　　(2)thelengthoftheremainingperiodaftertheinterimaudit;　　(3)anychangesininternalcontrolsaftertheinterimaudit;　　(4)thenatureandamountofthetransactionsandactivitieswhichoccurredaftertheinterimaudit;and　　(5)thesubstantiveprocedurestobeperformed.　　Article32　　Beforeconcludingtheaudit，theCPAshould，basedontheresultsofsubstantivetestsandotherauditevidence，makeafinalassessmentofthecontrolriskandcheckwhetheritisinlinewiththeconclusiondrawnfromthepreliminaryassessmentoftherisk.Ifnot，theCPAshouldconsiderwhetheradditionalrelevantauditproceduresshouldbeperformed.　　Article33　　Ascontrolriskandinherentriskarerelated，theCPAshouldmakeanoverallassessmentofinherentriskandcontrolrisk，andusetheresultasthebasisfortheassessmentofdetectionrisk.　　Detectionriskreferstothepossibilitythatsubstantivetestswillnotdetectamisstatementoromissionthatexistsinanaccountbalanceorclassoftransactionsthatcouldbematerial，eitherindividuallyorwhenaggregatedwithmisstatementsoromissionsinotheraccountbalancesorclassesoftransactions.　　Theassessmentofinherentriskandcontrolriskhasadirectimpactontheassessmentofdetectionrisk.Forhigherlevelsofinherentriskandcontrolrisk，theCPAshouldperformmoredetailedsubstantiveproceduresandshouldalsoconsidertheirnature，timingandextenttoreducethedetectionrisktoanacceptablelevel.　　Article34　　Regardlessoftheresultoftheassessmentofinherentriskandcontrolrisk，theCPAshouldperformsubstantivetestsonallmaterialaccountbalancesorclassesoftransactions.　　Article35　　If，afterperformingrelevantauditprocedures，theCPAstillbelievesthatdetectionriskregardinganassertionforamaterialaccountbalanceorclassoftransactionscannotbereducedtoanacceptablelevel，theCPAshouldexpressaqualifiedopinionoradisclaimerofopinion.　　Article36　　Theinternalcontrolsinsmallbusinessesareusuallyweaker，resultinginhigherinherentriskandcontrolrisk.TheCPAshouldheavilyorentirelyrelyonsubstantiveprocedurestoobtainauditevidenceinordertoreducethedetectionrisktoanacceptablelevel.　　Chapter5Supplementaryprovisions　　Article37　　TheChineseInstituteofCertifiedPublicAccountantsisresponsiblefortheinterpretationofthisstandard.　　Article38　　Thisstandardtakeseffectfrom1January1997.