CSRC reminds to standardize internal control audit procedures and improve the quality of internal control audits of listed companies.

On April 15th, the Chinese Institute of Certified Public Accountants issued a reminder: internal control of financial reports is an important foundation for strengthening financial supervision, curbing financial fraud, and improving the quality of accounting information for listed companies. According to the relevant requirements of the Ministry of Finance and the China Securities Regulatory Commission's "Notice on Strengthening the Internal Control Construction of Listed Companies and Prospective Listing Enterprises and Promoting Internal Control Evaluation and Audit", relevant enterprises should engage accounting firms to issue internal control audit reports for financial reports. Regulators have found that some accounting firms do not pay enough attention to internal control audit work, have a lack of clear understanding of internal control audit responsibilities, do not treat internal control audit as an independent business, and equate internal control audit work with understanding internal control and control testing procedures in financial statement audits. The Chinese Institute of Certified Public Accountants reminds accounting firms to focus on the following aspects when conducting internal control audits for listed companies. First, maintain independence. Accounting firms and their related personnel are not allowed to assume management responsibilities for designing, executing, and maintaining internal control of financial reports for the audited entities. Accounting firms conducting internal control audit work are not allowed to prepare internal control self-assessment reports on behalf of the audited entities. Second, ensure the execution of internal control audit procedures. It is important to fully understand the differences between internal control audits and financial statement audits, define the scope of internal control audits appropriately, and collect sufficient and appropriate audit evidence. When performing group internal control audit work, assess the risks related to components that lead to significant misstatements in the group's financial statements, and allocate corresponding audit attention based on the severity of the risks. Taking into account the results of assessments of fraud risks and other misstatement risks in financial statement audits, appropriately design the focus of internal control audits and allocate resources, focusing on internal controls involving risks such as fund usage and improper guarantees, major related party transactions decisions, significant accounting judgments and estimates, and correction of significant accounting errors in previous financial statements. Walkthrough tests and control tests should avoid standardization, determine the scope and samples of tests appropriately, and obtain sufficient and appropriate audit evidence for key control points. When deviations are detected during testing, consider the causes and nature of the deviations, and consider expanding the sample size to assess whether the deviations are control deficiencies. Third, issue internal control audit opinions appropriately. Evaluate audit evidence obtained from various sources, including test results of controls, misstatements found in financial statement audits, identified control deficiencies, etc., judge the effectiveness of internal control of listed company financial reports, focus on areas with high occurrence of control deficiencies, and objectively issue audit opinions to urge listed companies to continuously improve their internal control systems. If the audit report on financial statements is not unqualified, evaluate the impact of the results of substantive procedures conducted in financial statement audits on the conclusion of internal control effectiveness, and reasonably determine their impact on the type of opinion in the internal control audit report. For significant deficiencies and material weaknesses, communication must be made with management and governance in writing before the audit report date.