Integrated audits

An integrated audit combines:

  • The audit of the financial statements; and

  • The audit of internal controls over financial reporting.

This gives rise to two primary objectives for the auditor:

  • To express an opinion on whether the financial statements are fairly presented in conformity with the applicable financial reporting framework (AS 1000.03)

  • To express an opinion on the effectiveness of the company’s internal control over financial reporting (AS 1000.03)

In such an engagement, the auditor must plan and perform the work to achieve the objectives of both audits.

Select Yes in Is the engagement an audit of internal controls over financial reporting that is integrated with an audit of the financial statements? on 1-100 Engagement – Acceptance/Continuance if you are performing an integrated audit.

Form 2-010 PCAOB Integrated audit guidance includes guidance to support auditors in effectively undertaking an integrated audit.

Linking controls to risks of material misstatement

The approach taken in OnPoint Audit PCAOB is to directly link the risk of material misstatement with risks of material weakness. As such, when an auditor identifies a risk of material misstatement in 2-900 Risk report, it is presumed there is a related risk of material weakness, and the auditor will be required to link the risk to the relevant control. In the instance there is no related risk of material weakness, the auditor should carefully document the rationale for rebutting the presumption.

To link a risk of material misstatement to a relevant control:

  1. Expand the risk of material misstatement documented in 2-900 Risk report.

  2. Link the relevant control(s) under Linked Control – Integrated Audits.

  3. Select the appropriate conclusion.

Note: Controls linked to risks with conclusions set to Significant control deficiency exists or Material weakness in internal control identified are presented in the 7-160 Summary of deficiencies and material weaknesses in control form.

Entity-level controls

In an integrated audit, the auditor must test all entity-level controls which are relevant to the auditor's conclusion regarding the effectiveness of the controls in relation to financial reporting (AS 2201.05).

Complete 3-110 Entity-level risk and controls - Integrated audit to document an understanding of the entity-level controls designed to respond to identified risks and subsequently evaluate the design effectiveness of internal controls relevant to the financial reporting process to determine the work necessary to:

  • Support the auditors' conclusions on the overall effectiveness of internal control over financial reporting; and

  • Obtain controls reliance for the audit of the financial statement to facilitate reduced substantive testing.