The PCAOB created Audit Standard No. 5, this standard was created to comply with section 404 of the Sarbanes-Oxley Act of 2002. Auditing Standard No. 5 rewrote the requirements necessary for auditors to perform management assessments of the usefulness on the internal controls over financial reporting. By focusing more attention on the internal controls, the financial statements will provide more reliability. Auditing Standard No. 5 replaced Auditing Standard No. 2- An Audit of Internal Control Over Financial Reporting Performed in Conjunction with An Audit of Financial Statements. AS2 used the bottom-up approach, which aims at focusing on transactions and account level tests. Meanwhile, AS5 follows the top-down approach looks at the overview of the company then focuses on the major internal control problems that could lead to a material misstatement.
Objectives of the Top-Down Approach
Auditing Standard No. 5 directs auditors to conduct a top-down risk base audit. Top-down risk assessment approach is basically the thought process that auditors do in order to determine the risks and controls to test within a specific public company. This standard provides help to the independent auditors to confirm or report on management assessment of the effectiveness for the internal control over financial reporting. The top down approach begins by overlooking major financial reporting sources such as accounts and disclosures. This will help auditors find the material risks and then determine which one to focus on more. The Board of Directors, management, and the audit committee set the internal controls. They are the contributors that determine the style of the business operations, without an effective style of business operations; the internal controls will most likely not be as effective. The auditor looks at entity level controls and then looks down at different accounts, disclosures, and assertions that could bring fourth a material misstatement to the financial statement. AS5 describes that the auditors procedures used by auditors in order to assure that the internal controls are working accurately. This means that the auditor must look closely at financial reports, procedures, and the specific transactions related to the financial reports to check for any possible future misstatements. The auditor must analyze the risk factors related to the financial statements that can relate to the significant accounts and disclosures. AS5 also describes the four objectives in which auditors should use to focus on when conducting their internal control evaluations. Auditors must be knowledgeable on the transactions related to significant accounts and disclosures. They should have an idea where material misstatements are most likely to occur. The internal controls that management implements to mitigate any possible material misstatements must be understood by the auditor. Then finally, the auditor must understand both external and internal controls that deal with the assets of the company. This will help auditors understand the company, which will help in the long run to identify all the possible problems. The top-down approach gives both management and the auditor's evidence needed to determine the internal risks. When the auditor has an overview of the whole company's, then he can focus on certain areas within the internal controls that are most vulnerable to a material misstatement.
Material Weakness and Significant Deficiency
Material weakness means that a material misstatement in financial reporting is more likely to occur due to deficiencies. When a material weakness is undetected by an auditor a material misstatement could happen which would eventually put a tangible effect on a company's valuations. A significant deficiency has to do with problems relating to the internal controls of financial reporting. A significant deficiency does not necessarily mean that it will lead into a material weakness but if it is not addressed immediately buy the auditor and brought up to managements attention, then the significant deficiency has a higher chance in becoming a material weakness.
Indicators of Material Weakness
The Auditing Standard No. 5 describes the certain aspects used to detect material weaknesses. If there was any fraud within the company an auditor should investigate that in order to determine what the material weakness was presented as. In addition, when a material misstatement happens within the financial statements, then a restatement of those previous statements must be addressed and therefore the restatement would be a result of a material weakness within the restated sections. Another indicator would be that an auditor should always find a material misstatement within the current period that could have not been detected earlier, by the company's internal controls. If the audit committee does not apply the proper procedures to oversight the internal controls that relates to financial reporting, then this becomes an indictor to a material weakness. Finally, if there is a presence of material weakness then the auditor should determine whether the actions or decisions of management would eventually affect the reasonable assurance of the financial statements are free from material misstatements.
Communications with Audit Committee and Reports
The auditor has to document and report in writing to the audit committee and management of all the material weaknesses that he discovered within the audit. The auditors must comply with these proper procedures before they report all the material weaknesses on the final audit report. When a significant deficiency has been discovered or noted by the auditor, then the auditor must notify management and the audit committee about it, so they can quickly address the risk. In either case, the auditor has to communicate with management and audit committee concerning material weaknesses and significant deficiencies, while an audit report includes the review of all the internal controls related to financial reporting that the auditor has to write.