![]() | This article has multiple issues. Please help
improve it or discuss these issues on the
talk page. (
Learn how and when to remove these template messages)
|
Part of a series on |
Accounting |
---|
![]() |
An entity-level control is a control that helps to ensure that management directives pertaining to the entire entity are carried out. These controls are the second level[ clarification needed] to understanding the risks of an organization. Generally, entity refers to the entire company.
As a result of several accounting and auditing scandals, congress passed the Sarbanes-Oxley Act of 2002. Section 404 of the act requires company management to assess and report on the effectiveness of the company's internal control. It also requires the company's independent auditor to attest to management's disclosures regarding the effectiveness of internal control. The act also created the Public Company Accounting Oversight Board (PCAOB). [1]
The Public Company Accounting Oversight Board (PCAOB) became the primary regulator of audits of publicly traded companies. [2] In June 2007, the PCAOB adopted Auditing Standard 2201 (Supersedes AS No. 5). [3] This standard contains the standards over performing an audit of internal control over financial reporting that is integrated with an audit of financial statements.
The auditor must test entity-level controls that are important to the auditor's conclusion about whether the company has effective internal control over financial reporting. Depending on the auditor's evaluation of the effectiveness of the entity-level controls, the auditor can increase or decrease the amount of testing that they will perform.
Entity-level controls vary greatly in nature and precision. Their effect on the audit plan varies according to how precise they are.
Type | Description | Audit Effect |
---|---|---|
Indirect | Some entity-level controls have an indirect effect on the chances of detecting or preventing a misstatement on a timely basis. They do not directly relate to risks at the financial statement assertion level. | Affect control selection, and the nature, timing, and extent of the procedures performed. |
Monitoring | Some entity-level controls monitor the effectiveness of other controls. They could be designed to identify breakdowns of lower level controls. These controls are not precise enough by themselves to specifically address the assessed risk at the relevant assertion level. | Reduce the testing of other controls if operating effectively. |
Precise | Some entity-level controls are precise enough to prevent or detect misstatements on a timely basis. | If the control sufficiently addresses the risk, then additional tests of controls relating to that risk are not necessary |
|
|
Entity-level controls, along with all other internal controls should be evaluated by independent auditors according to SAS 109 (AU 314) issued by the AICPA. SAS 109 stipulates that "auditors should obtain an understanding of the five components of internal control sufficient to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures." [4]
The information gathered from obtaining an understanding of the five components of internal control should be used to do the following:
Entity-level controls are generally included in the testing.
The aforementioned five components of internal control refer to the five parts of the COSO framework. [5] The framework gives auditors a way to evaluate the controls of an entity.
The five components are:
Entity-level controls often fit into one or more of the five COSO components.
COSO Components | Background Checks | Audit Committee | Internal Audit | Shared Services |
---|---|---|---|---|
Control Environment | X | X | ||
Risk Assessment | X | X | X | |
Information & Communication | X | X | X | X |
Monitoring | X | X |
There are four basic steps that management can use to evaluate entity-level controls:[ citation needed]
Entity-level controls have a pervasive influence throughout an organization. If they are weak, inadequate, or nonexistent, they can produce material weaknesses relating to an audit of internal control and material misstatements in the financial statements of the company. The presence of material misstatements could result in receiving an adverse opinion on internal controls and a qualified opinion on the financial statements. Material misstatements are expensive to fix, and receiving an adverse or qualified opinion generally results in a drop in stock price of a publicly traded company.
![]() | This article has multiple issues. Please help
improve it or discuss these issues on the
talk page. (
Learn how and when to remove these template messages)
|
Part of a series on |
Accounting |
---|
![]() |
An entity-level control is a control that helps to ensure that management directives pertaining to the entire entity are carried out. These controls are the second level[ clarification needed] to understanding the risks of an organization. Generally, entity refers to the entire company.
As a result of several accounting and auditing scandals, congress passed the Sarbanes-Oxley Act of 2002. Section 404 of the act requires company management to assess and report on the effectiveness of the company's internal control. It also requires the company's independent auditor to attest to management's disclosures regarding the effectiveness of internal control. The act also created the Public Company Accounting Oversight Board (PCAOB). [1]
The Public Company Accounting Oversight Board (PCAOB) became the primary regulator of audits of publicly traded companies. [2] In June 2007, the PCAOB adopted Auditing Standard 2201 (Supersedes AS No. 5). [3] This standard contains the standards over performing an audit of internal control over financial reporting that is integrated with an audit of financial statements.
The auditor must test entity-level controls that are important to the auditor's conclusion about whether the company has effective internal control over financial reporting. Depending on the auditor's evaluation of the effectiveness of the entity-level controls, the auditor can increase or decrease the amount of testing that they will perform.
Entity-level controls vary greatly in nature and precision. Their effect on the audit plan varies according to how precise they are.
Type | Description | Audit Effect |
---|---|---|
Indirect | Some entity-level controls have an indirect effect on the chances of detecting or preventing a misstatement on a timely basis. They do not directly relate to risks at the financial statement assertion level. | Affect control selection, and the nature, timing, and extent of the procedures performed. |
Monitoring | Some entity-level controls monitor the effectiveness of other controls. They could be designed to identify breakdowns of lower level controls. These controls are not precise enough by themselves to specifically address the assessed risk at the relevant assertion level. | Reduce the testing of other controls if operating effectively. |
Precise | Some entity-level controls are precise enough to prevent or detect misstatements on a timely basis. | If the control sufficiently addresses the risk, then additional tests of controls relating to that risk are not necessary |
|
|
Entity-level controls, along with all other internal controls should be evaluated by independent auditors according to SAS 109 (AU 314) issued by the AICPA. SAS 109 stipulates that "auditors should obtain an understanding of the five components of internal control sufficient to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures." [4]
The information gathered from obtaining an understanding of the five components of internal control should be used to do the following:
Entity-level controls are generally included in the testing.
The aforementioned five components of internal control refer to the five parts of the COSO framework. [5] The framework gives auditors a way to evaluate the controls of an entity.
The five components are:
Entity-level controls often fit into one or more of the five COSO components.
COSO Components | Background Checks | Audit Committee | Internal Audit | Shared Services |
---|---|---|---|---|
Control Environment | X | X | ||
Risk Assessment | X | X | X | |
Information & Communication | X | X | X | X |
Monitoring | X | X |
There are four basic steps that management can use to evaluate entity-level controls:[ citation needed]
Entity-level controls have a pervasive influence throughout an organization. If they are weak, inadequate, or nonexistent, they can produce material weaknesses relating to an audit of internal control and material misstatements in the financial statements of the company. The presence of material misstatements could result in receiving an adverse opinion on internal controls and a qualified opinion on the financial statements. Material misstatements are expensive to fix, and receiving an adverse or qualified opinion generally results in a drop in stock price of a publicly traded company.