Act requires the following Management role:

• to assess internal controls over financial reporting
• to report on the assessment
• subject the assessment to audit

In the Management’s annual report on internal control, they must state the following:- management’s responsibility for establishing and maintaining an adequate internal control structure and

procedures for financial reporting, and

-Contain management’s assessment, as of year-end, of the effectiveness of the internal control structure and procedures for financial reporting

-independent auditor must attest to and report on management’s assessment in accordance with standards issued or adopted by the PCAOB
The objectives of management’s assessment process are two-fold:

– To support management’s public assertion about the effectiveness of internal control
– To satisfy a condition of the independent audit of internal control

Management: Supporting the Evaluation:

• Determine which controls are significant:

– Controls over significant classes of transactions, account balances, disclosures and related assertions

– Controls over significant non-routine transactions, journal entries, and accounts involving judgments and estimates

– Controls over period-end financial reporting process

– Anti-fraud programs and controls

– Controls on which other controls are dependent (e.g., general controls)

• Also consider:– The likelihood that failure could cause misstatements
– Whether other controls achieve same objectives
• Determine which locations/business units to include:
• Document design of significant controls related to all control components
• Evaluate design effectiveness

• Evaluate operating effectiveness

• Determine whether internal control deficiencies are significant deficiencies or material weaknesses
• Document the results of the evaluation
• Communicate findings to auditor and others
Management: Document Design of Controls: • Management documentation should include the following:
– each of the components of internal control
– how significant transactions are initiated, recorded, processed, and reported
– the controls that are designed to prevent or detect errors or fraud
– who performs the controls and the related segregation of duties
– the financial statement closing process and the related controls
– safeguarding controls
Management: Evaluating Operating Effectiveness• Procedures must be sufficient to verify operating effectiveness:
– testing of controls by internal audit or others under the direction of management
– self-assessment processes
– use of service organization reports
• Inquiry alone is not adequate

• Procedures performed and controls and locations selected are affected by risk assessment and monitoring processes
• All significant controls and locations must be evaluated annually