外文翻译原文Audits of Internal ControlMaterial Source:/cpajournal/2005/505/essentials/p22.htmAuthor: Jack W. PaulMAY 2005 - The Sarbanes-Oxley Act of 2002 requires public accounting firms that audit public companies to register with the Public Company Accounting Oversight Board (PCAOB) and to adhere to professional standards established by the board for audits of public companies. The PCAOB’s pronouncement, Auditing Standard 2, An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements, requires auditors to issue an opinion on the effectiveness of their public company clients’ internal control.On June 5, 2003, the SEC issued Release 33-8238 to implement section 404(a) of the Sarbanes-Oxley Act (SOA), which requires management to include in the annual report to shareholders its assessment of the effectiveness of internal control. The company’s external auditors must attest to and report on management’s assessment for fiscal years beginning on or after January 15, 2006, for accelerated filers, and on or after July 15, 2006, for no accelerated filers. Standard 2 imposes many new responsibilities on public companies’ auditors and, by extension, on the public companies themselves. In it over 200 pages, Standard 2 delineates the PCAOB’s expectations for an internal control audit.Auditor’s responsibilities. Standard 2 requires the auditor to do the following: •Understand and evaluate management’s process for assessing the effectiveness of the company’s internal control over financial reporting.•Plan and conduct an audit of the company’s internal control.•Based on this audit, provide an opinion on management’s written assessment about the effectiveness of the company’s internal control.This opinion incorporates the auditor’s opinion on the effectiveness of the company’s internal control over financial reporting.These responsibilities augment those required for the financial statement audit. Included EntitiesIn general, the scope of the audit of internal control includes all entities over which management has the ability to affect internal control:•Entities acquired on or before the date of management’s assessment as of the end of the fiscal year, including consolidated entities or those proportionately consolidated; and•Those accounted for as discontinued operations at the end of the fiscal year.In some situations, such as when management does not have the ability to affect the controls of an equity method investee, the auditor’s s cope includes only the controls related to the investor’s financial reporting of its interest in the investee, rather than the controls in place at the investee. The applicable controls are those designed to ensure proper application of the equity method in reporting the company’s proportion of investee income or loss, the investment balance, adjustments, and disclosures. Variable interest entities (VIE), defined in FASB Interpretation 46, are treated in a similar fashion when management is not the primary beneficiary and does not consolidate the VIE. Importantly, the auditor must evaluate the reasonableness of management’s claims regarding its inability to affect controls at such entities.Whereas design effectiveness pertains to whether a control is properly crafted, operating effectiveness deals with use of a properly designed control to prevent, detect, or correct misstatements or irregularities on a timely basis. For example, a daily reconciliation of cash receipts is not effectively designed when the cashier performs the reconciliation. But if an independent person is designated to perform the reconciliation and the other procedures are properly documented, the control is effectively designed. The control is not operating effectively when the independent reconciler either fails to perform the reconciliation daily or does so in a perfunctory manner. Design effectiveness of this control could be tested by reviewing documentation to ensure that the procedures are satisfactory. Operating effectiveness could b e tested by examining the reconciler’s initials on the daily reconciliation sheet.A striking difference between a financial statement and an internal control audit relates to the opportunity to correct deficiencies. Whereas a company can correct material misstatements detected during a financial statement audit by accepting the auditor’s proposed adjustments, if the auditor detects a material control weakness, itmay not be possible to fix it in time. Because the auditor’s opinion is “as of” the balance sheet date, the auditor must issue an adverse opinion on internal control when material weaknesses exist, even when the company receives an unqualified opinion on the financial statements.Take as a whole. The auditor exercises judgment to ascertain those accounts considered “significant” or more than material. The auditor also considers qualitative characteristics. For example, investment balances not material to the overall financial statements may obscure the true nature of the relationship, especially when the investment is in partially consolidated entities or involves debt guarantees. And certain accounts that are liquid or incorporate significant estimates are riskier than others. Examples include cash, marketable securities, and warranty liabilities.Point in time. Internal control procedures can relate to either transaction flows or account balances, sometimes referred to as “stocks.” Examples of controls relating to transaction flows include approving cash disbursements; prelisting cash receipts; approving credit sales; and matching purchase orders, vendor invoices, and receiving reports when booking accounts payable. Controls over balances (stocks) include periodic reconciliation of bank accounts; reconciliation of subsidiary ledgers with control accounts; procedures for physical inventory counts; and controls governing the periodic preparation of financial statements. Overarching controls include the factors comprising the control environment. Overarching controls and those pertaining to flows operate continuously throughout the fiscal period; controls relating to balances typically operate less frequently. Thus bank accounts are reconciled monthly, whereas controls over cash flows are continuous.Timing considerations. Controls must operate for a long enough period, which need not be an entire fiscal year, to provide sufficient confidence in the auditor’s control tests. Accordingly, the auditor must make several observations of controls that operate only at a point in time. Controls that operate infrequently should be tested closer to the “as of” date. These include controls over: the periodic preparation of financial statements; individual account balances; and no routine transactions. Consider a calendar-year company that begins the procedure of reconciling the accounts-receivable subsidiary ledger to the control account only at the end of December. The auditor might conclude that one observation is not sufficient to evaluate this control’s operating effectiveness.These considerations suggest that an unqualified opinion on internal control should state: “The controls were effective for a sufficient period of time during the fiscal year to be able to support the conclusion that they were still effective at the end of the period.” Nevertheless, Standard 2 calls for expressing an opinion as of a point in time, the end of the fiscal year.PCAOB Standard 2 requires the auditor to obtain evidence of the effectiveness of controls pertaining to all relevant assertions for all significant accounts each year; each year must stand on its own. It also calls for the auditor to vary the nature, extent, and timing of testing from year to year to introduce unpredictability and to respond to changing circumstances. Examples of variations include changing the number of tests performed and adjusting the combination of testing procedures.Audit ReportsStandard 2 specifies the content of the report on internal control. Auditors should be aware of several factors:•An auditor may provide either separate or combined reports on the financial statements and internal control.•Whereas the opinion on the financial statements typically addresses multiple periods, the opinion on internal control covers only the most recent fiscal year.•When an auditor issues separate reports, the annual report must contain both.•The reports should have the same date, normally the last day of fieldwork.•An auditor’s report on management’s assessment of internal control over financial reporting includes an opinion on the company’s internal control.When the auditor issues an unqualified opinion on the financial statements but an adverse opinion on internal control, due to one or more material weaknesses, the report should indicate that the conduct of the financial statement audit took those material weaknesses into account. This information helps readers of the financial statements understand why the auditor gave an unqualified opinion on the financial statements. The auditor should include similar language when the adverse opinion on internal control affects the opinion on the financial statements.Most Likely Reasons for Opinion ModificationsAs a practical matter, opinion modifications are likely to arise from three circumstances:•Material misstatements detected by the auditor were not identified by the company. This situation could result in an adverse opinion.•Inadequate documentation. This situation is a control deficiency that may constitute a material weakness if extensive. In this case, the auditor renders an adverse opinion.•Inadequate management assessment creates a scope limitation requiring a disclaimer, a qualified opinion on internal control, or withdrawal from the engagement.Because it requires the auditor to go well beyond the review and evaluation of controls that was the norm for reporting on financial statements, Standard 2 promises to fundamentally alter the control systems in public companies and auditors’ assessment of them, thereby providing additional assurance to u sers.译文内部控制审计资料来源:http:// /cpajournal/2005/505/essentials/p22.htm作者：杰克·保罗2005年5月的萨班斯-奥克斯利法案, PCAOB发布了其第2号审计标准：“与财务报表审计相关的针对财务报告的内部控制的审计”，该标准关注对财务报告的内部控制的审计工作，以及这项工作与财务报表审计的关系问题。