For Wizard Kim - ZFC

tkrmaslatwbha81
CASE13-9StudentGuideforassignment.docx
Home>Business & Finance homework help>Accounting homework help>For Wizard Kim - ZFC

CASE 13-9 ZOU’s Fencing Controls

Student Guide

Objectives of the Case

This case gives students an opportunity to (1) obtain an understanding of factors to consider when evaluating the design of a control, including identifying criteria that may be considered when evaluating the design of controls to determine whether they operate at a level of precision that sufficiently addresses the assessed risk of material misstatement; (2) identify the factors to consider when assessing the risk associated with the control; and (3) plan appropriate procedures to test the operating effectiveness of controls, including roll forward procedures considering the risk associated with the control.

Applicable Professional Pronouncements and Other Relevant Guidance

PCAOB Auditing Standard No. 2110, Identifying and Assessing Risks of Material Misstatement (PCAOB AS 2110)

PCAOB Auditing Standard No. 2201, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements (PCAOB AS 2201)

PCAOB Auditing Standard No. 2301, The Auditor’s Responses to the Risks of Material Misstatement (PCAOB AS 2301)

PCAOB Staff Views, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements: Guidance for Auditors of Smaller Public Companies (PCAOB Staff Views white paper)

PCAOB Staff Practice Alert No. 11, Considerations for Audits of Internal Control Over Financial Reporting (PCAOB Staff Practice Alert)

Background

PCAOB AS 2201 discusses guidance on performing an audit of management’s assessment of the effectiveness of internal control over financial reporting. This audit is integrated with the financial statement audit. Paragraphs .03 and .06 through .08 of PCAOB AS 2201 state, in part:

.03 The auditor’s objective in an audit of internal control over financial reporting is to express an opinion on the effectiveness of the company’s internal control over financial reporting.

.06 The audit of internal control over financial reporting should be integrated with the audit of the financial statements. The objectives of the audits are not identical, however, and the auditor must plan and perform the work to achieve the objectives of both audits.

.07 In an integrated audit of internal control over financial reporting and the financial statements, the auditor should design his or her testing of controls to accomplish the objectives of both audits simultaneously —

• To obtain sufficient evidence to support the auditor’s opinion on internal control over financial reporting as of year-end, and

Case 13-9s: ZOU’s Fencing Controls Page 2

Copyright 2019 Deloitte Development LLC All Rights Reserved.

• To obtain sufficient evidence to support the auditor’s control risk assessments for purposes of the audit of financial statements.

.08 Obtaining sufficient evidence to support control risk assessments of low for purposes of the financial statement audit ordinarily allows the auditor to reduce the amount of audit work that otherwise would have been necessary to opine on the financial statements. . . .

Note: In some circumstances, particularly in some audits of smaller and less complex companies, the auditor might choose not to assess control risk as low for purposes of the audit of the financial statements. In such circumstances, the auditor’s tests of the operating effectiveness of controls would be performed principally for the purpose of supporting his or her opinion on whether the company’s internal control over financial reporting is effective as of year-end. The results of the auditor’s financial statement auditing procedures also should inform his or her risk assessments in determining the testing necessary to conclude on the effectiveness of a control.

PCAOB AS 2110 discusses guidance on obtaining an understanding of internal control over financial reporting for the financial statement audit. Paragraphs .18 and .21 of PCAOB AS 2110 state:

.18 The auditor should obtain a sufficient understanding of each component of internal control over financial reporting (“understanding of internal control”) to (a) identify the types of potential misstatements, (b) assess the factors that affect the risks of material misstatement, and (c) design further audit procedures. [Footnote omitted]

.21 Internal control over financial reporting can be described as consisting of the following components:

• The control environment,

• The company’s risk assessment process,

• Information and communication,

• Control activities, and

• Monitoring of controls. [Footnote omitted]

Under paragraph .46 of PCAOB AS 2201, when planning the test of operating effectiveness of a control, auditors should consider the risk associated with a control. “The risk associated with a control consists of the risk that the control might not be effective and, if not effective, the risk that a material weakness would result. As the risk associated with the control being tested increases, the evidence that the auditor should obtain also increases.”

Note that paragraph .18 of PCAOB AS 2110 has a similar concept to that of paragraph .46 of PCAOB AS 2201, described above.

Finally, PCAOB AS 2301 addresses testing controls in an audit of financial statements.

Paragraphs .16 and .17 of PCAOB AS 2301 state that an auditor may test controls in a financial statement audit to reduce the level of substantive procedures:

.16 Controls to Be Tested. If the auditor plans to assess control risk at less than the maximum by relying on controls, and the nature, timing, and extent of planned substantive procedures are based on that lower assessment, the auditor must obtain evidence that the controls selected for testing are designed effectively and operated effectively during the entire period of reliance. However, the auditor is not required to assess control risk at less than the maximum for all relevant assertions and, for a variety of reasons, the auditor may choose not to do so. [Footnotes omitted]

.17 Also, tests of controls must be performed in the audit of financial statements for each relevant assertion for which substantive procedures alone cannot provide sufficient appropriate audit evidence and when necessary to support the auditor’s reliance on the accuracy and completeness of financial information used in performing other audit procedures.

For other relevant assertions, substantive procedures alone may not provide the auditor with sufficient appropriate audit evidence. Paragraph .18 of PCAOB AS 2301 states:

Evidence About the Effectiveness of Controls in the Audit of Financial Statements. In designing and performing tests of controls for the audit of financial statements, the evidence necessary to support the auditor's control risk assessment depends on the degree of reliance the auditor plans to place on the effectiveness of a control. The auditor should obtain more persuasive audit evidence from tests of controls the greater the reliance the auditor places on the effectiveness of a control. The auditor also should obtain more persuasive evidence about the effectiveness of controls for each relevant assertion for which the audit approach consists primarily of tests of controls, including situations in which substantive procedures alone cannot provide sufficient appropriate audit evidence.

Entity-level controls are controls that have a pervasive effect on a company’s internal control. These controls are varied and, as noted in paragraph .24 of PCAOB AS 2201, include

Copyright 2019 Deloitte Development LLC All Rights Reserved.

• Controls related to the control environment;

• Controls over management override;

Note: Controls over management override are important to effective internal control over financial reporting for all companies, and may be particularly important at smaller companies because of the increased involvement of senior management in performing controls and in the period-end financial reporting process. For smaller companies, the controls that address the risk of management override might be different from those at a larger company. For example, a smaller company might rely on more detailed oversight by the audit committee that focuses on the risk of management override.

• The company’s risk assessment process;

• Centralized processing and controls, including shared service environments;

• Controls to monitor results of operations;

• Controls to monitor other controls, including activities of the internal audit function, the audit committee, and self-assessment programs;

• Controls over the period-end financial reporting process; and

• Policies that address significant business control and risk management practices.

Some entity-level controls might be designed to operate at a level of precision that would adequately prevent or detect on a timely basis misstatements to one or more relevant assertions. If an entity-level control sufficiently addresses the assessed risk of material misstatement, the auditor need not test additional controls relating to that risk. ,

ADDRESS EACH QUESTION, DISCUSSION and support it with the appropriate applicable pronouncement from FASB. You can copy/paste in your answer as long as you quote the sources adequately. Please discuss why your FASB choice is most applicable in addressing the question.