独立审计具体准则第9号——内部控制与审计风险 SPECIFIC INDEPENDENT AUDITING STANDARD NO.9——INTERNAL CONTROLS AND AUDIT RISK

y of assets to loss or misappropriation；

　　（10） the occurrence of unusual or complex transactions during the accounting period， particularly near the accounting period end； and

　　（11） the susceptibility of transactions and events to omissions in the routine accounting process.

　　Article 22

　　After understanding the internal controls and assessing inherent risk， the CPA should make a preliminary assessment of control risk， at the assertion level， for each material account balance or class of transactions. Control risk refers to the possibility that a misstatement or omission that could occur in an account balance or class of transactions， either individually or when aggregated with misstatements or omissions in other account balances or classes of transactions， will not be prevented， detected or corrected by the internal controls.

　　Article 23

　　The CPA should assess the control risk of material account balances or classes of transactions at a high level， for some or all assertions， when one or more of the following situations occurs：

　　（1） the entity's internal controls are not effective；

　　（2） it is difficult for the CPA to assess the effectiveness of internal controls； or

　　（3） the CPA does not plan to perform compliance tests.

　　Article 24

　　When making a preliminary assessment of control risk for a financial statement assertion， the CPA should not assess the control risk at a high level when：

　　（1） relevant internal controls are likely to prevent， detect or correct material misstatements or omissions； and

　　（2） the CPA plans to perform compliance tests.

　　Article 25

　　if the CPA plans to rely on the internal controls， he should perform compliance procedures to assess the control risk. The lower the preliminary assessment of control risk， the more evidence the CPA should obtain to show that internal controls are suitably designed and operating effectively.

　　Article 26

　　The CPA may perform the following compliance procedures：

　　（1） inspection of documents supporting transactions and events；

　　（2） enquiries about， and observation of， internal control operations which leave no audi

t trail； and

　　（3） reperformance of relevant internal control procedures.

　　Article 27

　　When one or more of the following situations occurs， the CPA may directly perform substantive procedures without performing compliance tests：

　　（1） the relevant internal controls do not exist；

　　（2） even though the relevant internal controls exist， the CPA， through preliminary study， discovers that the internal controls do not operate effectively； or

　　（3） compliance tests require more work than the reduction of substantive tests that would have been achieved by performing compliance tests.

　　Article 28

　　Based on the results of the compliance tests， the CPA should assess whether the design and operation of the internal controls are in line with the conclusion drawn from the preliminary assessment of control risk. If there are discrepancies， the assessed level of control risk should be revised and the nature， timing and extent of substantive procedures should be modified accordingly.

　　Article 29

　　In a continuing engagement， the CPA may make use of the information relating to the study and evaluation of internal controls obtained in prior periods， but will need to update it.

　　Article 30

　　The CPA should understand whether the internal controls were applied consistently throughout the accounting period being audited. If there were obvious changes， the CPA should consider testing them separately.

　　Article 31

　　If compliance tests have been performed in the interim audit， the CPA， before deciding to rely entirely on their results， should consider the following factors to obtain further audit evidence for the period between interim period end and final period end：

　　（1） the conclusion drawn from the compliance tests in the interim audit；

　　（2） the length of the remaining period after the interim audit；

　　（3） any changes in internal controls after the interim audit；

　　（4） the nature and amount of the transactions and activities which occurred after the interim audit； and

　　（5） the substantive procedures to be performed.

　　Article 32

　　Before concluding the audit， the CPA should， based on the results of substantive tests and other audit evidence， make a final assessment of the control risk and check whether it is in line with the conclusion drawn from the preliminary assessment of the risk. If not， the CPA should consider whether additional relevant audit procedures should be performed.

　　Article 33

　　As control risk and inherent risk are related， the CPA should make an overall assessment of inherent risk and control risk， and use the result as the basis for the assessment of detection risk.

　　Detection risk refers to the possibility that substantive tests will not detect a misstatement or omission that exists in an account balance or class of transactions that could be material， either individually or when aggregated with misstatements or omissions in other account balances or classes of transactions.

　　The assessment of inherent risk and control risk has a direct impact on the assessment of detection risk. For higher levels of inherent risk and control risk， the CPA should perform more detailed substantive procedures and should also consider their nature， timing and extent to reduce the detection risk to an acceptable level.

　　Article 34

　　Regardless of the result of the assessment of inherent risk and control risk， the CPA should perform substantive tests on all material account balances or classes of transactions.

　　Article 35

　　If， after performing relevant audit procedures， the CPA still believes that detection risk regarding an assertion for a material account balance or class of transactions cannot be reduced to an acceptable level， the CPA should express a qualified opinion or a disclaimer of opinion.

　　Article 36

　　The internal controls in small businesses are usually weaker， resulting in higher inherent risk and control risk. The CPA should heavily or entirely rely on substantive procedures to obtain audit evidence in order to reduce the detection risk to an acceptable level.

　　Chapter 5 Supplementary provisions

　　Article 37

　　The Chinese Institute of Certified Public Accountants is responsible for the interpretation of this standard.

　　Article 38

　　This standard takes effect from 1 January 1997

┨网页设计特效库┠ http://www。z┗co⊙l。com/网页特效/