Finance Business

AS 2201: An Audit of Internal Control Over Financial Reporting

Internal control over financial reporting

Accounting standard 2201 establishes requirements and provides direction that applies when an auditor is engaged in audit management’s assessment of internal control over financial reporting integrated with an audit of the financial statements.

Give effect to the financial reporting; it provides a reasonable assurance and prepares the financial statements for external purposes. The company’s financial reporting cannot be considered adequate if material weaknesses exist.

The auditor’s purpose is to express an opinion on the effectiveness of the company’s financial reporting because a company’s internal control can only be considered adequate if any material weaknesses exist. The auditor has a plan and performs the audit to obtain appropriate evidence about the material weaknesses in financial reporting and verify that the financial statements are not materially misstated. The auditor uses the same suitable, recognised control framework to audit and for its annual evaluation of the company’s financial reporting.


The audit of financial reporting is integrated with auditing the financial statements. The objectives of the audits are different in every circumstance, and therefore, the auditor must perform and plan the work to achieve the company’s objectives accordingly.

  • To secure sufficient evidence to support the auditor’s opinion over financial reporting.
  • To collect appropriate evidence to give effect to the auditor’s control risk assessments for purposes of the audit of financial reporting.

Planning the Audit

The auditor has planned properly to audit financial reporting and adequately supervise the engagement of team members. The auditor evaluates the matters essential to the company’s financial statements[1] that affect the audit procedures.

  • To have an understanding of financial reporting that the auditor obtains during the time of audit.
  • Company matters include financial reporting practices, laws and regulations, and economic conditions.
  • Matters relating to the company’s business include its organisation, capital structure, and operation.
  • The changes in the company over financial reporting.
  • The auditor’s preliminary judgments about risk, materiality and other relevant factors determine the material weaknesses.
READ  Basics of Overseas Direct Investment: Investment by Indians Abroad

Role of Risk Assessment

Risk assessment implies the entire audit process and complies with the standard, including determining significant assertions, accounts, and disclosures, selecting controls to test, and determining the evidence necessary for internal control.

However, if a company fails to prevent or detect internal misstatements caused by fraud, it is usually a higher risk of failure to prevent or detect errors. The auditor should focus more on the areas of highest risk. On the other hand, it is unnecessary to test the internal controls and check the material misstatement in the financial statements timely. The complexity of the organisation, business unit, or process will play an essential role in the auditor’s risk assessment and determining the necessary procedures.

Addressing the Risk of Fraud

The auditor evaluates the company’s controls and identifies future risks of material misstatement due to fraud or misrepresentation. Internal controls that identify the risk which include;

  • Controls over material transactions that are outside the ordinary course of business for the company;
  • Controls over general entries and adjustments made in the period-end financial reporting process;
  • Controls over related party transactions;
  • Controls related to significant management estimates; and
  • Controls that mitigate incentives and management to falsify or inappropriately manage financial results.


Generally, the auditor used the same materiality considerations they would use to audit the company’s annual financial statements and identify significant Accounts.


The auditor identified the significant accounts and disclosures and their relevant assertions. Relevant assertions are those financial assertions with a  possibility of containing a misstatement in the financial record that would cause materially misstated for the company. The financial statement assertions include as following:

  • Existence or occurrence
  • Completeness
  • Valuation or allocation
  • Rights and obligations
  • Presentation and disclosure
  • Size and composition of the financial  account statement;
  • Misstatement due to errors or fraud;
  • Nature of the financial account;
  • Reporting complexities associated with the account statement;
  • Disclose  any losses that occurred in the account statement;
READ  All about Forensic Audit of a Company in India

The auditor evaluates the risk factor in identifying accounts and disclosures of the audit in financial statements.

Testing Controls

  1. Testing Design Effectiveness
    The auditor tests the design effectiveness of controls by determining whether the company’s controls are operated under the prescribed authority and satisfies the company’s that it effectively prevents or detects errors, fraud, or concealment of records that could result in material misstatements in the financial records. The auditor’s procedures to test design effectiveness include observing the company’s operations and inspecting relevant documentation. These procedures are sufficient to evaluate design effectiveness.
  2. Testing Operating Effectiveness
    The auditor tests the operating effectiveness of the control and determines that the persons operating are competent to perform the control.
    • Evaluating identified Deficiencies
    • The auditor evaluates each control deficiency’s severity to determine the material weaknesses in the management’s assessment.
    • Indicators of Material Weaknesses
    • Indicators of material weaknesses in financial reporting include
    • Identification of fraud and misrepresentation on the part of senior management and board members;
    • Verify the previously issued financial statements to reflect any material misstatement that has occurred within an entity;
    • Identification by the auditor of any material misstatement which the company would not have detected.
    • Ineffective operation of the company’s external or internal financial reporting by the company’s audit committee.
    • To determine the severity of a deficiency or combination of deficiencies, the auditor verifies the degree of assurance that would satisfy the company’s board of directors and stakeholders.
  3. Obtaining Written Representations
    The auditor, after obtaining written representations from management –
    • Acknowledging management’s responsibility for establishing and maintaining adequate internal control over financial reporting;
    • The management has evaluated and assessed the company’s Internal Control over financial reporting.
    • Failure to obtain the written representations from management, including management’s refusal to furnish them, constitutes a limitation on the scope of the audit.
  4. Reporting on Internal Control
    The auditor’s report over financial reporting includes the following elements such as:
  • It includes independence in financial reports;
  • The statement relates that management must maintain adequate financial reporting and assess a company’s internal control effectiveness.
  • Identify the management report on internal control;
  • The auditor’s responsibility is to provide an opinion over financial reporting based on their audit;
  • A statement that the Public Company Accounting Oversight Board standards require the auditor to plan and perform the audit to obtain reasonable assurance.
READ  Review of Financial Creditors under IBC


The auditor gives an opinion on the effectiveness of the financial reporting by evaluating evidence obtained from all the appropriate sources, including the auditor’s misstatements detected during the financial statement audit, testing controls, and any identified control deficiencies. The auditor reviewed reports issued by internal audit during the financial year and evaluated control deficiencies identified in those reports.

Also Read:
Internal Controls- A Guide for directors
Internal Control System- Analysis of Benefits & Limitations

Trending Posted

Get Started Live Chat