Skip Ribbon Commands
Skip to main content
Stay Connected: Twitter Facebook Flickr RSS E-Mail

Click Plus Sign Icon to expand menu items
Click Minus Sign Icon to collapse menu items

Skip Navigation Links.
ExpandAS No. 1: References in Auditors’ Reports to the Standards of the Public Company Accounting Oversight Board
ExpandAS No. 3: Audit Documentation
ExpandAS No. 4: Reporting on Whether a Previously Reported Material Weakness Continues to Exist
CollapseAS No. 5: An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements
Auditing Standard No. 5
Appendix A: Definitions
Appendix B: Special Topics
Appendix C: Special Reporting Situations
ExpandAS No. 6: Evaluating Consistency of Financial Statements
ExpandAS No. 7: Engagement Quality Review
ExpandAS No. 8: Audit Risk
ExpandAS No. 9: Audit Planning
ExpandAS No. 10: Supervision of the Audit Engagement
ExpandAS No. 11: Consideration of Materiality in Planning and Performing an Audit
ExpandAS No. 12: Identifying and Assessing Risks of Material Misstatement
ExpandAS No. 13: The Auditor's Responses to the Risks of Material Misstatement
ExpandAS No. 14: Evaluating Audit Results
ExpandAS No. 15: Audit Evidence
ExpandAS No. 16: Communications with Audit Committees
ExpandAS No. 17: Auditing Supplemental Information Accompanying Audited Financial Statements
ExpandAU Section 100 - Statements on Auditing Standards -- Introduction
ExpandAU Section 200 - The General Standards
ExpandAU Section 300 - The Standards of Field Work
ExpandAU Section 400 - The First, Second, and Third Standards of Reporting
ExpandAU Section 500 - The Fourth Standard of Reporting
ExpandAU Section 600 - Other Types of Reports
ExpandAU Section 700 - Special Topics
ExpandAU Section 800 - Compliance Auditing
ExpandAU Section 900 - Special Reports of the Committee on Auditing Procedures

 
Auditing Standard No. 5

An Audit of Internal Control Over Financial Reporting that is Integrated with an Audit of Financial Statements

APPENDIX A - Definitions

A1.      For purposes of this standard, the terms listed below are defined as follows -

A2.      A control objective provides a specific target against which to evaluate the effectiveness of controls. A control objective for internal control over financial reporting generally relates to a relevant assertion and states a criterion for evaluating whether the company's control procedures in a specific area provide reasonable assurance that a misstatement or omission in that relevant assertion is prevented or detected by controls on a timely basis.

A3.      A deficiency in internal control over financial reporting exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.

  • A deficiency in design exists when (a) a control necessary to meet the control objective is missing or (b) an existing control is not properly designed so that, even if the control operates as designed, the control objective would not be met.
  • A deficiency in operation exists when a properly designed control does not operate as designed, or when the person performing the control does not possess the necessary authority or competence to perform the control effectively.

A4.      Financial statements and related disclosures refers to a company's financial statements and notes to the financial statements as presented in accordance with generally accepted accounting principles ("GAAP"). References to financial statements and related disclosures do not extend to the preparation of management's discussion and analysis or other similar financial information presented outside a company's GAAP-basis financial statements and notes.

A5.       Internal control over financial reporting is a process designed by, or under the supervision of, the company's principal executive and principal financial officers, or persons performing similar functions, and effected by the company's board of directors, management, and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP and includes those policies and procedures that -

(1) Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company;
(2) Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and
(3) Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements. 1/

Note: The auditor's procedures as part of either the audit of internal control over financial reporting or the audit of the financial statements are not part of a company's internal control over financial reporting.

Note: Internal control over financial reporting has inherent limitations. Internal control over financial reporting is a process that involves human diligence and compliance and is subject to lapses in judgment and breakdowns resulting from human failures. Internal control over financial reporting also can be circumvented by collusion or improper management override. Because of such limitations, there is a risk that material misstatements will not be prevented or detected on a timely basis by internal control over financial reporting. However, these inherent limitations are known features of the financial reporting process. Therefore, it is possible to design into the process safeguards to reduce, though not eliminate, this risk.

A6.      Management's assessment is the assessment described in Item 308(a)(3) of Regulations S-B and S-K that is included in management's annual report on internal control over financial reporting. 2/

A7.      A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis.

Note: There is a reasonable possibility of an event, as used in this standard,  when the likelihood of the event is either "reasonably possible" or "probable," as those terms are used in Financial Accounting Standards Board Statement No. 5, Accounting for Contingencies ("FAS 5"). 3/

A8.      Controls over financial reporting may be preventive controls or detective controls. Effective internal control over financial reporting often includes a combination of preventive and detective controls.

  • Preventive controls have the objective of preventing errors or fraud that could result in a misstatement of the financial statements from occurring.
  • Detective controls have the objective of detecting errors or fraud that has already occurred that could result in a misstatement of the financial statements.

A9.      A relevant assertion is a financial statement assertion that has a reasonable possibility of containing a misstatement or misstatements that would cause the financial statements to be materially misstated. The determination of whether an assertion is a relevant assertion is based on inherent risk, without regard to the effect of controls.

A10.    An account or disclosure is a significant account or disclosure if there is a reasonable possibility that the account or disclosure could contain a misstatement that, individually or when aggregated with others, has a material effect on the financial statements, considering the risks of both overstatement and understatement. The determination of whether an account or disclosure is significant is based on inherent risk, without regard to the effect of controls.

A11.    A significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.

1/ See Securities Exchange Act Rules 13a-15(f) and 15d-15(f), 17 C.F.R. §§ 240.13a-15(f) and 240.15d-15(f).

2/ See 17 C.F.R.  §§ 228.308(a)(3) and 229.308(a)(3).

3/ See FAS 5, paragraph 3.