内部控制缺陷评价框架-英文版.pdfVIP

A Framework for Evaluating Control Exceptions and Deficiencies Version 3 December 20, 2004 Table of Contents Page Introduction and Purpose 1 Guiding Principles 3 Terminology 14 Chart 1 – Evaluating Exceptions Found in the 17 Testing of Operating Effectiveness Chart 2 – Evaluating Process/Transaction-Level 18 Control Deficiencies Chart 3 – Evaluating Information Technology General 19 Control (ITGC) Deficiencies Chart 4 – Evaluating Deficiencies in Pervasive Controls 20 Other than ITGC Introduction and Purpose This paper outlines a suggested framework for evaluating exceptions and deficiencies resulting from the evaluation of a company’s internal control over financial reporting. Issuers and auditors may find this framework useful. This paper should be read in conjunction with Auditing Standard No. 2, An Audit of Internal Control Over Financial Reporting Performed in Conjunction With an Audit of Financial Statements (AS 2), especially the definitions in paragraphs 8 through 10, the section on evaluating deficiencies in paragraphs 130 through 141, the examples of significant deficiencies and material weaknesses in Appendix D, and the Background and Basis for Conclusions in Appendix E. The framework is not a substitute for AS 2 and other relevant professional literature. The framework was developed by representatives of the following nine firms: BDO Seidman LLP Crowe Chizek and Company LLC Deloitte Touche LLP Ernst Young LLP Grant Thornton LLP