Your Ask Joey ™ Answer

Does the audit team test the efficiency of the internal control framework?

No, the audit team is not concerned with the “efficiency” of the internal control framework. Efficiency could relate to how streamlined a company’s internal control framework is, but that the audit team would be more concerned with the “effectiveness” of the company’s internal controls.

So remember, when it comes to the two “E”s, the audit team will be testing the operating “effectiveness” of internal controls. This is one of the requirements under Section 404 of the Sarbanes Oxley Act, which is applicable to public companies (issuers).


Back To All Questions

You might also be interested in...

  • How can the audit team assess the operating effectiveness of controls?

    The audit team must assess whether the controls that management has designed and implemented are actually effective. The auditor should also determine whether the person(s) implementing the internal controls are qualified to do the job. The visual below lists out the ways to assess the operating effectiveness of internal controls:

  • What are the three types of control deficiencies?

    There are three levels of deficiencies that the auditor will report on in regard to the assessment of an organization’s internal controls. The three types include: Control deficiencies – A deficiency in internal control over financial reporting exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. Control deficiencies are less severe than significant deficiencies. Significant deficiencies – A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. Material Weakness – A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented or detected and corrected on a timely basis.

  • What is an integrated audit?

    An integrated audit is when the audit firm must express an opinion the fair presentation of a company’s financial statements and the design and operating effectiveness of a company’s internal controls. Rule 404 is commonly associated with an integrated audit as rule 404 relates to an audit over a company’s internal controls. Public companies that are large accelerated filers or accelerated filers are required to perform an integrated audit.