|
Article 31
|
CPAs retained to conduct special audits of internal control systems of a public company shall conduct such procedures in four stages:
- Planning:
- Obtain written records of the audited company's board of directors' and managers' control objectives and internal control system policies and procedures, and other necessary information.
- Formulate an audit plan. The following factors at least shall be taken into consideration: the characteristics of the industry to which the enterprise belongs, information obtained when undertaking work under other engagements with the audited company, the condition of the audited company and recent changes in it, evidence available to the CPAs, the nature of specific internal control system procedures and the importance of such procedures to the overall internal control systems, preliminary assessment of the effectiveness of the overall internal control systems, differences among various operating locations, degree of centralization, transactions executed and the control environment, and the materiality/significance level and control risk in connection with the internal control system that are acceptable to the CPAs.
- Gaining an understanding of the internal control system:
CPAs may use means such as inquiry, inspection, and observation to gain an understanding of the internal control system of the audited company, by which to assess the effectiveness of the internal control system.
- Assessing the effectiveness of the design of the internal control system:
- When assessing the effectiveness of the design of the audited company's internal control system, CPAs shall collect evidence regarding the effectiveness of the design. Methods for collecting such evidence include inquiry, inspection, and observation.
- When assessing the effectiveness of the design of the internal control system, CPAs shall focus on whether the overall internal control system achieves a given goal rather than whether any given specific operation of the internal control system is inappropriate.
- When engaged only to evaluate the effectiveness of the design of the internal control system, CPAs shall conduct necessary control tests based on actual needs.
- Testing and assessing the operating effectiveness of the internal control system:
- CPAs shall conduct control tests to collect evidence regarding the operation of the internal control system to provide a basis for assessing the operating effectiveness of the internal control system.
- Methods for conducting control tests by CPAs include inquiry, inspection, observation, and re-testing. Control tests shall be conducted until sufficient and appropriate evidence has been collected. Evidence collected by the audited company during self-assessment of the internal control system shall not be substituted directly for evidence to be collected by the CPAs.
- Whether the evidence collected by CPAs is sufficient and appropriate is affected by the following factors: the nature of the audited company's internal control procedures, the importance of the internal control procedures to attainment of the control objectives, the probability of violation of control procedures by the audited company, the nature and extent of control tests already conducted by the audited company, and the CPAs' preliminary assessment of the effectiveness of the control procedures. CPAs shall also execute necessary procedures and collect necessary evidence regarding subsequent events during the post audit period.
|