内部控制与审计风险(英)

1、内部控制与审计计风险（英）Chaptter 1 Generral prrovisiionsArticcle 1This standdard iis preeparedd in aaccorddance with the GGeneraal Inddependdent AAuditiing Sttandarrd to estabblish standdards for CCertiffied PPublicc Accoountannts (“CCPAs”) on tthe sttudy aand evvaluattion oof an entittys iinternnal coontrolls

2、 in the aaudit of fiinanciial sttatemeents， to asssess auditt riskk， to improove auudit eefficiiency and tto enssure aa highh stanndard of prrofesssionall workk.Articcle 2The tterm “iinternnal coontrolls” inn thiss stanndard referrs to the ppoliciies annd proocedurres foormulaated aand immplemeented

3、 by ann entiity wiith a view to ennsurinng thee effiicientt condduct oof thee busiiness activvitiess， saffeguarrding assetts， prreventting， deteccting and ccorreccting errorr and fraudd， andd ensuuring the ttruthffulnesss， leegitimmacy aand coomplettenesss of aaccounnting inforrmatioon.Interrnal cco

4、ntrools inncludee the contrrol ennvironnment， accouuntingg systtems aand coontroll proccedurees.Articcle 3The tterm “aaudit risk” in thhis sttandarrd reffers tto thee posssibiliity off the CPA eexpresssing an innapproopriatte auddit oppinionn afteer perrformiing ann audiit， whhen thhe finnanciaal st

5、aatemennts coontainn mateerial missttatemeents oor omiissionns. Auudit rrisk iincluddes innherennt rissk， coontroll riskk and detecction risk.Articcle 4Unlesss othherwisse speecifieed， CPPAs shhould referr to tthis sstandaard inn perfforminng auddit woork otther tthan tthe auudit oof finnanciaal sta

6、atemennts.Chaptter 2 Generral prrincipplesArticcle 5When prepaaring the aaudit plan， the CCPA shhould studyy and evaluuate tthe enntitys intternall conttrols.Articcle 6The CCPA shhould perfoorm coompliaance ttests on anny intternall conttrols， whichh are intennded tto be relieed upoon， too deteermin

7、ee the impacct on the nnaturee， timming aand exxtent of thhe subbstanttive ttests.Articcle 7The CCPA shhould mainttain pprofesssionaal sceepticiism， aapply profeessionnal juudgemeent reeasonaably tto asssess tthe auudit rrisk aand too desiign annd perrform relevvant aaudit proceeduress in oorder to

8、reeduce the aaudit risk to ann acceeptablle levvel.Articcle 8The CCPA shhould documment tthe woork caarriedd out and tthe reesultss of tthe sttudy aand evvaluattion oof thee inteernal contrrols aand thhe asssessmeent off the auditt riskk in tthe auudit wworkinng pappers.Chaptter 3 Interrnal ccontroo

9、lsArticcle 9It iss the accouuntingg respponsibbilityy of tthe enntitys mannagemeent too estaablishh sounnd intternall conttrols. The relevvant iinternnal coontrolls shoould ggeneraally：(1) eensuree thatt busiiness activvitiess are conduucted in acccordaance wwith aapproppriatee authhorizaation;(2) e

10、ensuree thatt all transsactioons annd eveents aare prromptlly reccordedd at tthe coorrectt amouunt， iin thee apprropriaate acccountts andd in tthe prroper accouuntingg periiod， tto enaable ppreparrationn of ffinanccial sstatemments in acccordaance wwith tthe reelevannt reqquiremments of thhe acccoun

11、tiing sttandarrds;(3) eensuree thatt acceess too and handlling oof asssets aand reecordss are permiitted only in acccordaance wwith aapproppriatee authhorizaation; and(4) eensuree thatt asseets reecordeed aree recooncileed witth thee physsical assetts at regullar inntervaals.Articcle 100When deterrm

12、ininng thee reliiabiliity off inteernal contrrols， the CCPA shhould mainttain pprofesssionaal sceepticiism annd payy adeqquate attenntion to thhe folllowinng inhherentt limiitatioons off inteernal contrrols：(1) TThe deesign and iimplemmentattion oof intternall conttrols are rrestriicted by thhe prii

13、nciplle of cost and bbenefiit;(2) IInternnal coontrolls tennd to be diirecteed at routiine buusinesss acttivitiies;(3) EEven pperfecctly ddesignned innternaal conntrolss may not ooperatte efffectivvely ddue too humaan carrelesssness， distrractioon， miis-juddgemennt andd the misunndersttandinng of in

14、strructioons;(4) IInternnal coontrolls mayy be ccircummventeed thrrough the ccollussion bby rellevantt perssons wwith ppartiees insside oor outtside the eentityy;(5) IInternnal coontrolls mayy be ccircummventeed wheen a ppersonn respponsibble foor exeercisiing ann inteernal contrrol abbuses that res

15、poonsibiility or suubmitss to eexternnal prressurre; annd(6) IInternnal coontrolls mayy deteerioraate orr becoome inneffecctive due tto chaanges in thhe opeeratinng envvironmment aand thhe natture oof thee busiiness.Articcle 111When prepaaring the aaudit plan， the CCPA shhould underrstandd the desig

16、gn andd operratingg condditionns of the eentityys innternaal conntrolss.When deterrmininng thee natuure， ttimingg and extennt of the aaudit proceeduress whicch shoould bbe perrformeed to underrstandd the interrnal ccontrools， tthe CPPA shoould mmainlyy conssider the ffollowwing ffactorrs：(1) tthe si

17、ize annd bussinesss compplexitty of the eentityy;(2) tthe tyype annd commplexiity off the entittys ddata pprocesssing systeem;(3) aaudit materrialitty;(4) tthe tyype off releevant interrnal ccontrools;(5) tthe doocumenntatioon of relevvant iinternnal coontrolls; annd(6) tthe reesult of thhe asssessm

18、eent off inheerent risk.Articcle 122In unndersttandinng thee inteernal contrrols， the CCPA shhould make reasoonablee use of prreviouus auddit exxperieence. With regarrd to signiificannt intternall conttrols， generrally the CCPA maay alsso perrform the ffollowwing pproceddures：(1) mmake eenquirries o

19、of thee entiitys relevvant ppersonns andd insppect tthe reelevannt intternall conttrol ddocumeentatiion;(2) iinspecct thee docuumentss and recorrds geeneratted byy the interrnal ccontrools;(3) oobservve thee entiitys businness aactiviities and tthe opperatiing coonditiions oof thee inteernal contrro

20、ls; and(4) cchoosee certtain ttypicaal traansacttions and eeventss and perfoorm waalkthrrough testss on tthem.Articcle 133The CCPA shhould obtaiin andd undeerstannding of thhe conntrol envirronmennt suffficieent too asseess thhe atttitudees， awwareneess annd acttions of thhe enttityss manaagemennt r

21、eggardinng intternall conttrols and ttheir imporrtancee.Majorr facttors aaffectting tthe coontroll enviironmeent inncludee：(1) pphilossophy， methoods annd styyle off manaagemennt;(2) oorganiisatioonal sstructture aand meethodss of aassignning aauthorrity aand reesponssibiliity; aand(3) tthe coontrol

22、l systtem.Articcle 144The CCPA shhould obtaiin an underrstandding oof thee accoountinng sysstem ssufficcient to iddentiffy andd undeerstannd：(1) tthe maajor cclassees of transsactioons annd acttivitiies off the entitty;(2) hhow maajor cclassees of transsactioons annd acttivitiies arre iniitiateed;(3

23、) ssignifficantt suppportinng doccumentts， acccountting rrecordds andd itemms in the ffinanccial sstatemments; and(4) tthe acccountting aand fiinanciial reeportiing prrocesss for signiificannt traansacttions and eeventss.Articcle 155The CCPA shhould obtaiin an underrstandding oof thee folllowingg ma

24、joor conntrol proceeduress suffficiennt to deterrmine the rrelevaant auudit pproceddures reasoonablyy：(1) tthe auuthoriisatioon of transsactioons;(2) tthe asssignmment oof ressponsiibilitty;(3) tthe coontroll of ssupporrting documments and rrecordds;(4) aaccesss to aassetss and use oof reccords; and

25、(5) aany inndepenndent checkking.Articcle 166Interrnal aaudit is ann impoortantt compponentt of tthe enntitys conntrol systeem. Thhe CPAA shouuld coonsideer thee folllowingg facttors wwhen sstudyiing annd evaaluatiing thhe quaality of thhe intternall audiit worrk to deterrmine whethher too relyy on

26、tthe reesultss of tthe innternaal auddit woork：(1) tthe inndepenndencee of tthe innternaal audditorss;(2) tthe exxperieence aand coompeteence oof thee inteernal audittors;(3) tthe naature， timinng andd exteent off the interrnal aaudit proceeduress;(4) tthe suufficiiency and aapproppriateeness of thh

27、e auddit evvidencce obttainedd by tthe innternaal audditorss; andd(5) tthe meerit pplacedd on tthe innternaal auddit woork byy the managgementt.Articcle 177The CCPA maay usee variious mmethodds succh as narraative descrriptioons， qquestiionnaiires， checkk listts， fllow chharts etc. to unndersttand a

28、and evvaluatte intternall conttrols and sshouldd incllude tthem iin thee audiit worrking paperrs.Articcle 188The CCPA shhould inforrm thee entiitys managgementt of mmateriial innternaal conntrol weaknnessess idenntifieed durring tthe auudit. If neecessaary， aa manaagemennt lettter mmay bee issuued.C

29、haptter 4 Auditt riskkArticcle 199In deevelopping tthe ovveralll audiit plaan， thhe CPAA shouuld asssess inherrent rrisk aat thee finaanciall stattementt leveel. Innherennt rissk reffers tto thee suscceptibbilityy of aan acccount balannce， oor claass off trannsactiions， to maateriaal missstateements

30、s or oomissiions， eitheer inddividuually or whhen agggregaated wwith mmisstaatemennts orr omisssionss in oother accouunt baalancees or classses off trannsactiions， assumming tthat tthere were no reelevannt intternall conttrols.Articcle 200In deevelopping tthe deetaileed auddit pllan， tthe CPPA shoou

31、ld cconsidder thhe imppact oof thee asseessmennt of inherrent rrisk oon thee mateerial accouunt baalancees or classses off trannsactiions aat thee asseertionn leveel， orr direectly assumme thaat inhherentt riskk is hhigh ffor thhe asssertioon.Articcle 211The CCPA shhould exerccise pprofesssionaal ju

32、ddgemennt reaasonabbly annd connsiderr the folloowing factoors whhen asssessiing innherennt rissk：(1) tthe inntegriity annd commpetennce off manaagemennt;(2) aany chhangess in mmanageement， especciallyy the finanncial stafff;(3) aany unnusuall presssuress on mmanageement;(4) tthe naature of buusines

33、ss;(5) tthe ciircumsstancees andd facttors aaffectting tthe inndustrry in whichh the entitty opeeratess;(6) ffinanccial sstatemment iitems likelly to be suuscepttible to miisstattementts;(7) tthe coomplexxity oof impportannt traansacttions and eeventss whicch migght reequiree usinng thee workk of aa

34、n exppert;(8) tthe deegree of esstimattion aand juudgemeent innvolveed in deterrmininng acccount balannces;(9) tthe suuscepttibiliity off asseets too losss or mmisapppropriiationn;(10) the ooccurrrence of unnusuall or ccompleex traansacttions durinng thee accoountinng perriod， partiicularrly neear t

35、hhe acccountiing peeriod end; and(11) the ssuscepptibillity oof traansacttions and eeventss to oomissiions iin thee routtine aaccounnting proceess.Articcle 222Afterr undeerstannding the iinternnal coontrolls andd asseessingg inheerent risk， the CCPA shhould make a preeliminnary aassesssment of coont

36、roll riskk， at the aasserttion llevel， for eeach mmateriial acccountt balaance oor claass off trannsactiions. Contrrol riisk reefers to thhe posssibillity tthat aa missstatemment oor omiissionn thatt coulld occcur inn an aaccounnt ballance or cllass oof traansacttions， eitheer inddividuually or whhe

37、n agggregaated wwith mmisstaatemennts orr omisssionss in oother accouunt baalancees or classses off trannsactiions， will not bbe preeventeed， deetecteed or correected by thhe intternall conttrols.Articcle 233The CCPA shhould assesss thee conttrol rrisk oof matteriall accoount bbalancces orr classses

38、 oof traansacttions at a high levell， forr somee or aall asssertiions， when one oor morre of the ffollowwing ssituattions occurrs：(1) tthe enntitys intternall conttrols are nnot efffectiive;(2) iit is diffiicult for tthe CPPA to assesss thee effeectiveeness of innternaal conntrolss; or(3) tthe CPPA

39、doees nott plann to pperforrm commpliannce teests.Articcle 244When makinng a pprelimminaryy asseessmennt of contrrol riisk foor a ffinanccial sstatemment aasserttion， the CCPA shhould not aassesss the contrrol riisk att a hiigh leevel wwhen：(1) rrelevaant innternaal conntrolss are likelly to preveen

40、t， ddetectt or ccorrecct matteriall missstatemments or ommissioons; aand(2) tthe CPPA plaans too perfform ccompliiance testss.Articcle 255if thhe CPAA planns to rely on thhe intternall conttrols， he shhould perfoorm coompliaance pproceddures to asssess the ccontrool rissk. Thhe lowwer thhe preelimin

41、nary aassesssment of coontroll riskk， thee moree eviddence the CCPA shhould obtaiin to show that interrnal ccontrools arre suiitablyy desiigned and ooperatting eeffecttivelyy.Articcle 266The CCPA maay perrform the ffollowwing ccompliiance proceeduress：(1) iinspecction of doocumennts suupportting ttr

42、ansaactionns andd evennts;(2) eenquirries aabout， and oobservvationn of， interrnal ccontrool opeeratioons whhich lleave no auudit ttrail; and(3) rreperfformannce off releevant interrnal ccontrool proocedurres.Articcle 277When one oor morre of the ffollowwing ssituattions occurrs， thhe CPAA may direc

43、ctly pperforrm subbstanttive pproceddures withoout peerformming ccompliiance testss：(1) tthe reelevannt intternall conttrols do noot exiist;(2) eeven tthoughh the relevvant iinternnal coontrolls exiist， tthe CPPA， thhroughh prelliminaary sttudy， discoovers that the iinternnal coontrolls do not ooper

44、atte efffectivvely; or(3) ccompliiance testss requuire mmore wwork tthan tthe reeductiion off subsstantiive teests tthat wwould have been achieeved bby perrformiing coompliaance ttests.Articcle 288Basedd on tthe reesultss of tthe coompliaance ttests， the CCPA shhould assesss wheether the ddesignn an

45、d operaation of thhe intternall conttrols are iin linne witth thee concclusioon draawn frrom thhe preeliminnary aassesssment of coontroll riskk. If theree are discrrepanccies， the aassesssed leevel oof conntrol risk shoulld be revissed annd thee natuure， ttimingg and extennt of substtantivve prooced

46、urres shhould be moodifieed acccordinngly.Articcle 299In a contiinuingg engaagemennt， thhe CPAA may make use oof thee infoormatiion reelatinng to the sstudy and eevaluaation of innternaal conntrolss obtaained in prrior pperiodds， buut willl neeed to updatte it.Articcle 300The CCPA shhould underrstan

47、dd whetther tthe innternaal conntrolss weree appllied cconsisstentlly thrroughoout thhe acccountiing peeriod beingg audiited. If thhere wwere oobviouus chaanges， the CCPA shhould consiider ttestinng theem sepparateely.Articcle 311If coompliaance ttests have been perfoormed in thhe intterim auditt， t

48、hee CPA， beforre deccidingg to rrely eentireely onn theiir ressults， shoulld connsiderr the folloowing factoors too obtaain fuurtherr audiit eviidencee for the pperiodd betwween iinteriim perriod eend annd finnal peeriod end：(1) tthe coonclussion ddrawn from the ccompliiance testss in tthe innterimm

49、 audiit;(2) tthe leength of thhe remmaininng perriod aafter the iinteriim auddit;(3) aany chhangess in iinternnal coontrolls aftter thhe intterim auditt;(4) tthe naature and aamountt of tthe trransacctionss and activvitiess whicch occcurredd afteer thee inteerim aaudit; and(5) tthe suubstanntive pro

50、ceeduress to bbe perrformeed.Articcle 322Beforre conncludiing thhe auddit， tthe CPPA shoould， basedd on tthe reesultss of ssubstaantivee testts andd otheer auddit evvidencce， maake a finall asseessmennt of the ccontrool rissk andd checck wheether it iss in lline wwith tthe coonclussion ddrawn from t

51、he pprelimminaryy asseessmennt of the rrisk. If noot， thhe CPAA shouuld coonsideer wheether addittionall releevant auditt proccedurees shoould bbe perrformeed.Articcle 333As coontroll riskk and inherrent rrisk aare reelatedd， thee CPA shoulld makke an overaall asssessmment oof inhherentt riskk and contrrol riisk， aand usse thee resuult ass the basiss for the aassesssment of deetectiion riisk.Detecction risk referrs to the ppossibbilityy thatt subsstantiive teests wwill nnot deetect a missstateement or ommissioon thaat exiists iin an