Auditing Paper


Effective and efficient internal controls that are seen in financial reporting are crucial in ensuring that the companies give the most reliable and efficient financial statements. These statements are essential in hloping the investors to make decisions on investments, and they also show whether a company is stable or not. From the 1960s, the federal government has demanded that all the public companies meet the efficient internal accounting controls.  This started with the act that was passed in the year 2002m, the Sarbanes-Oxley Act that was amended to give the accountants less control and to give the auditors more control. This means that he accounters have less power and cannot participate in the other decisions in the company. The Lebanese act of the year 2002 amended the requirement if the company management to assess and give a full report on how effective the internal control of the companies are. For the larger companies, the act needs independent auditors to assess the effectiveness of the internal controls in the company. The internal control over the financial and report establishes the requirement for the performance and reports on internal control. Internal control audit has to be integrated with the other financial statements. This work will analyze some of the most concerning issues in auditing ans financial reporting.



  1. According to PCAOB Auditing Standard (AS 2201)

(, what should auditors consider when evaluating the severity of a deficiency in a control that directly addresses a risk of material misstatement?

The size and the complexity of the company together with all other are processes of the business units can sometimes have an impact on the methods that the company use to achieve the control objectives. The sizes and the complexities can also impact the risk misstatements together with the other controls that address the stated risks. The scaling process is effective as a risk-based approach in an extensive and applicable audit. The less flexible companies can achieve control objectives rather than the company complexities. When performing an audit of the internal audit control for the financial reporting, the auditor has to take into account the fraud assessment results for the risks faced. The fraud risk assessment results are used in identifying and testing the entry-level controls. The auditor also has to evaluate the risk assessment materials misstatements because of the controls that are intended to address the manage, meant risks or overriding risks (AICPA, 2016).  The different controls that might address the risks are those that are seen over the transactions that are outside the normal business cause for the company that appears to be unusual because of the timing, nature and the size f the company.  The unusual nat8re of the transactions is the other concerns especially if they can easily get the entry or the entries that seem unusual to the journal. The auditors also have to consider the controls done over the journal entries ad the possible adjustments that are done in the periodic end of the financial report. The controls over the related party activities and transactions is the other consideration.  They also consider the controls that have been overly related to the crucial management estimates and party transactions. Besides, the controls that are responsible for mitigating the controls incentives those that repressuring the management to give a false or inappropriate financial report also have to be taken into consideration.




  1. PCAOB AS 2201 distinguishes the difference between a deficiency in design and a deficiency in operation. Does the Assistant Controller’s failure to adequately review the Vendor Change Form represent a deficiency in the design or operating effectiveness of the control?

A deficiency can sometimes take place in the internal control over the existing financial reporting process. The deficiency can come in the form of the design or operation of a control system do not allow the employees in the organization and the management members to perform the functions that they are supposed to perform.  The role of the management is to recognize and to possibly prevent the existence of the misstatement on a timely basis.  The deficiency design exists when their the existing control that have to meet the objective controls are missing. It can also take place when the existing controls are not appropriately designed so that they can prevent the misstatements. This can take place even if the controls meet the objectives (AICPA, 2016).  On the other hand, a deficiency in operation exists when the designed control has been appropriately designed but do not operate as expected. This deficiency can also take place when the person that is in charge of the control does not have the authority or the necessary tool strategy use to perform the control effectively. Hence, the Assistant Controller’s failure to adequately review the Vendor Change Form represents a deficiency in operating and effectiveness of the control. This is because of the assistant controller cant access the necessary tools that will enable full control. This type of deficiency can b a massive weakness or comes as a result of a combination of weaknesses that affects the internal control controls. These deficiencies less severe hat than the control because they can merit the scrutiny of the people that are responsible for the financial reporting in the institution.



  1. Is the failure in the vendor request change form control indicative of a material weakness in internal control over financial reporting?

The material weakness is the other deficiency that represents the combination of the numerous other deficiencies.  When it comes to the internal control reporting and the financial reports in a way that here are the reasonable possibilities in terms of the material misstatements of the statements, they will not be prevented (AICPA, 2016). They may not even be detected on the set time basis. It is important to note that there is the most notable possibility of the event. Thee I the reasonable possibility of occurrence of an event, especially when the auditors are talking about the likelihood of a similar event being either probable. The event can also occur when there is a “reasonable possibility.” In evaluating the deficiencies, the editors have to know about the deficiencies that do as a result of the attention of the auditor and the determination whether it has been caused by an individual or as a result of a combination of the other factors. In addition to this, the material weakness has to be analyzed as at the date of the management assessment procedures. The auditor has to plan and perform the audit and search for possible deficiencies. The indicators of the material weakness that exists in the internal control on financial reporting include the fraud indication; and whether they are in the form of material or not, especially on the side of the senior members of management. The restatement of the issues identified previously within the financial statement in the current period is also an indicator of the material weakness (PCAOB, 2016). These weaknesses may sometimes not be detected by the internal controls over the financial reports. The other indicator is the ineffective oversight of the external report n finance within the company and the internal form of control over the reporting by the audit committee of the company. Hence, failure in the vendor request change from the control is an indication of the material weakness that exists within the internal reporting.

Through evaluating the severity of the identified deficiency, or the many deficiencies that have been identified, it is the responsibility of the auditor to ensure that he or she presents the facts in a manner that will be rusted by the members of the board or the other stakeholders who depend on the financial reporting to make their own decisions.  They have to give the detailed assurance that would be quite prudent enough because the officials will necessarily conduct their  They also allow for the presentation of the reasonable record for the transactions. The report must follow the guidelines that have been given by the counting principles and standards.  The auditor also has the role of determining the deficiencies that are capable of prudently convincing the officials for them to allow for the preparation of the better financial reports that can be used I makig the decisions. Hence, the auditor hav to create the deficiencies the combination of the identified deficiencies as an indicator for the material weakness.




SEC Regulation S-K requires that management provide a report on a registrant’s ICFR in the company’s Form 10-K. Assuming the company and the auditor concluded that this internal control failure indicates a material weakness in internal control, what information would the company be expected to disclose?

According to the requirements of the S-K 308(a), the management has to give the provision their reports about the ICFR that contains its assessment about how effective they are for the ICFRas for the many other recent annual reports of the fiscal year. The report is given in the form of the   Form 20-F, 10-K, or 40-F. This can also include the transition of the reports that have been filled on forms up the changes within the fiscal end of the year. In case the registrant of the report is a non-EGC accelerate filer or is a nonmember of the larger accelerate file, then the ruling of the S-K 308(b) needs the management in the firm to give the attestation report of the registered public accounting firm report about the ICFR of the registrar. If the filings have been filed without the reports or without any of the rep[ortts in the rulings, then the filing is deemed deficient (Alles, Brennan,  Kogan, and Vasarhelyi, 2018). Such filing is also untimely.  The only exception is the situation that has been described or listed in section Section 4310.6.

The nonaccelerated filers, those that are on the domestic and foreign level are not required for the inclusion in an attention report that is located under the S-K 308(b). the management report that is based on the ICFR and the accompanying report are not needed in such a situation. If the company and the auditor concluded that this internal control failure indicates a material weakness in internal control, there are different types of information that the company will be expected to disclose. The ICFR from the registrants have to be given by the management under the registration of the public accountant’s firms report on attestation. The non –EGC also gets into the file status after the year has ended depending on the float that the public has. Before the start of the second fiscal year,  the management is needed to provide the auditor’s attestation reports that come in the form of 10-K for the year that has just ended.  Similarly, the company that exists can accelerate the filer status of the fiscal year based on the public float at the end of the second quarter. The management report that focuses on the internal control over the financial reports and disclosure of the certification sometimes ask questions if the necessary reports are not given. This company is pursuant of the S-K 308 and therefore must provide the management to report on the ICFR  until one of the is needed to file the FORM 10-k with the commission that is reported before the fiscal year starts. The company that has been under the exchange act as the main voluntary due to the registered debt (Newton, Persellin,  Wang, and Wilkins, 2015).  They, therefore, have to fil the annual reports up to the point of the IPO date. At the time, the company is required to show the disclosed items in the 308(a) of the Regulation S-K that the management has to produce to show that they are complying with the ICFR. The only accelerated files are the ones that are not complying to the EGC and the accelerated files.  The report has to be given under the guidelines of 308(b).


The Newly public corporations and businesses that have historically been reporting their facts under the new Exchanges Act as the voluntary filers, and those that come as a result of the registered debts may not satisfy the given available definitions. The definition of  “accelerated filer” or the definition of the “large accelerated filer” comes for the very first annual reports following  IPO. Hence, they are not needed in including the attestation of the auditor’s report that is based on ICFR through the S-K 308(b) that was seen in the always given in the annual reports.


  1. In light of the identified deficiency, auditors should consider what impact, if any, the deficiency may have on other controls. What implications does the failure to adequately review the Vendor Change Form have on other controls?


In light of these deficiencies, the auditors have to know the impacts of the deficiencies and the impacts that they have on the controls. Failure to review the changes have a massive impact on the other controls in the companies.  In a financial statement that has been released by the auditors, the deficiencies are likely to be identified in the internal controls over the reporting of the financial statements. The control deficiencies have a massive impact on the financial status of the, and if not identified,  there are likely to be financial misstatements and the financial status of the organization will be jeopardized. Also, if they are not appropriately addressed, then the investors are less likely to gain interests in the company (Ge,  Koester, and McVay, 2017). Therefore, the auditor should perform the assigned functions that will prevent these deficiencies by the management.

A deficiency design takes place when there is the control that is needed to meet the objectives is missing and when the existing controls are not adequately designed even when the controls operate similarly. Hence the control, the objective cannot be met. The deficiencies in operation also exist hen; there is a designed control that is not operational when the person doing the control does not have the authority to perform the qualifications. This leads to giving false information that can have a massive detrimental impact on the company.



In conclusion, the auditors have the right to form an opinion on the effectiveness that exists in the internal financial control and reporting through evaluating the evidence that is obtained from the provided sources such as the auditor’s test for controls. The misstatements that have been detected together with the other deficiencies have to be taken into accounts. As part of the ongoing evaluation, the auditor has to review the reports that are given through the years by the internal audits or any department that have similar controls.  These companies have to address the issues about controls that are related to control deficiencies. After that, they have to evaluate the elements of the management through the use of the rule that is set by the SEC. The rules are used in reporting the annual internal controls that the management has on the financial reporting of the firm.  The auditor also has to determine the annual control and form an opinion in doing the audition.  The written representations by the management also have to be taken by the auditors besides rge financial reporting.




Ge, W., Koester, A., & McVay, S. (2017). Benefits and costs of Sarbanes-Oxley Section 404 (b) exemption: Evidence from small firms’ internal control disclosures. Journal of Accounting and Economics63(2-3), 358-384.

Newton, N. J., Persellin, J. S., Wang, D., & Wilkins, M. S. (2015). Internal control opinion shopping and audit market competition. The Accounting Review91(2), 603-623.

DeFond, M. L., & Lennox, C. S. (2017). Do PCAOB inspections improve the quality of internal control audits?. Journal of Accounting Research55(3), 591-627.

Alles, M., Brennan, G., Kogan, A., & Vasarhelyi, M. A. (2018). Continuous monitoring of business process controls A pilot implementation of a continuous auditing system at Siemens. In Continuous Auditing: Theory and Application (pp. 219-246). Emerald Publishing Limited.


PCAOB  (2016): AS 2201- An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements. (n.d.). Retrieved from


AICPA (2016): Section 404(b) of the Sarbanes-Oxley Act of 2002. (n.d.). Retrieved from