Search results
Results From The WOW.Com Content Network
Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization.
The COSO framework defines internal control as a process, carried out by the board of directors, the administration and other personnel of an entity, designed to provide "reasonable security" with respect to the achievement of objectives in operations, financial reporting, and compliance with applicable laws and regulations.
AT-C section 320, sourced from SSAE No. 18, effective on May 1, 2017, contains requirements and guidance for examining controls at service organizations that provide services to user entities where those controls are relevant to the user entities’ internal control over financial reporting. It may also be applied to reporting on internal ...
The scope of an ISAE 3402 engagement is control set of the service organization, or to be more precise the service organizations controls over services, functions performed and applications that are likely to be relevant for the customer and its auditor to evaluate the internal control over financial reporting [further explanation needed].
These two concepts together (the account- or disclosure-related risks and control-related risks) are called "Internal Control over Financial Reporting Risk" or "ICFR" risk. A diagram was included in the guidance (shown in this section) to illustrate this concept; it is the only such diagram, which indicates the emphasis placed on it by the SEC.
The auditor must test entity-level controls that are important to the auditor's conclusion about whether the company has effective internal control over financial reporting. Depending on the auditor's evaluation of the effectiveness of the entity-level controls, the auditor can increase or decrease the amount of testing that they will perform.
The AICPA auditing standard Statement on Standards for Attestation Engagements no. 18 (SSAE 18), section 320, "Reporting on an Examination of Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting", defines two levels of reporting, type 1 and type 2. Additional AICPA guidance materials specify ...
The Sarbanes–Oxley Act of 2002 is a United States federal law that mandates certain practices in financial record keeping and reporting for corporations.The act, Pub. L. 107–204 (text), 116 Stat. 745, enacted July 30, 2002, also known as the "Public Company Accounting Reform and Investor Protection Act" (in the Senate) and "Corporate and Auditing Accountability, Responsibility, and ...