An Audit of Internal Control Over Financial Reporting Performed in Conjunction With an Audit of Financial Statements
Safeguarding of Assets
C1. Safeguarding of assets is defined in paragraph 7 as those policies and procedures that "provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company's assets that could have a material effect on the financial statements." This definition is consistent with the definition provided in the Committee of Sponsoring Organizations (COSO) of the Treadway Commission's Addendum, Reporting to External Parties, which provides the following definition of internal control over safeguarding of assets:
Internal control over safeguarding of assets against unauthorized acquisition, use or disposition is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the entity's assets that could have a material effect on the financial statements. Such internal control can be judged effective if the board of directors and management have reasonable assurance that unauthorized acquisition, use or disposition of the entity's assets that could have a material effect on the financial statements is being prevented or detected on a timely basis.
C2. For example, a company has safeguarding controls over inventory tags (preventive controls) and also performs periodic physical inventory counts (detective control) timely in relation to its quarterly and annual financial reporting dates. Although the physical inventory count does not safeguard the inventory from theft or loss, it prevents a material misstatement to the financial statements if performed effectively and timely.
C3. Therefore, given that the definitions of material weakness and significant deficiency relate to the likelihood of misstatement of the financial statements, the failure of a preventive control such as inventory tags will not result in a significant deficiency or material weakness if the detective control (physical inventory) prevents a misstatement of the financial statements. The COSO Addendum also indicates that to the extent that such losses might occur, controls over financial reporting are effective if they provide reasonable assurance that those losses are properly reflected in the financial statements, thereby alerting financial statement users to consider the need for action.
Note: Properly reflected in the financial statements includes both correctly recording the loss and adequately disclosing the loss.
C4. Material weaknesses relating to controls over the safeguarding of assets would only exist when the company does not have effective controls (considering both safeguarding and other controls) to prevent or detect a material misstatement of the financial statements.
C5. Furthermore, management's plans that could potentially affect financial reporting in future periods are not controls. For example, a company's business continuity or contingency planning has no effect on the company's current abilities to initiate, authorize, record, process, or report financial data. Therefore, a company's business continuity or contingency planning is not part of internal control over financial reporting.
C6. The COSO Addendum provides further information about safeguarding of assets as it relates to internal control over financial reporting.