970). AS2, An Audit of Internal Control over Financial Reporting Performed in Conjunction with an Audit of Financial Statements was issued in 2004 (Goh et al., p. 970). AS2 presented combined audits of internal controls and the financial statements (p. 989). According to Kanagaretnam et al. (2016), AS2 identifies three types internal control problems that currently exist: material weakness, significant deficiency, and control deficiency (p. 31). Jahmani and Dowling (2015) point out the AS2 defines a control deficiency as a deficiency that occurs when the composition or application of a control does not allow management or employees, in the standard series to carry out the appointed purpose, to avoid or identify misstatements on a timely basis (p. 129). In addition, the AS2 defines the significant deficiency as a control deficiency or a mixture of control deficiencies that unfavorably alters the company’s capability to commence, approve, report, develop, or detail external financial data consistency in agreement with generally accepted accounting principles (GAAP), such that there is more than an outlying possibility that a misstatement of the company’s yearly or quarterly financial statement that is more than insignificant will not be prevented or revealed (pp. 129-130). Lastly, probably the most …show more content…
34). According to Calderon et al., the top-down risk approach is key for executing efficient internal control audits and specifies the continuous thought process, which auditors should utilize in recognizing risks (p. 37). A top-down risk approach starts with the financial statement level and emphases on the entry-level controls, which includes the controls of the control environment, risk-management process, monitoring controls, and period-end financial reporting processes (p. 37). After the financial statement level is reviewed, the top-down risk approach then moves to the essential accounting-level controls (p. 37). However, Calderon et al. showed that within PCAOB reports, auditors are not utilizing the top-down risk approach correctly or effectively (p. 37). The reports showed auditors were not conducting the correct tests at the entry-level controls and period-end financial reporting processes, in addition to failing to review the risk of misstatements in numerous accounts (p. 37). This creates problems within the company as risk assessment is a vital element of internal control auditing, for example, recognizing the risks of material misstatement is vital for the auditor in development and choosing applicable controls to test and in properly assessing those