Auditing and Attestation（AUD）

　　II. Auditing and Attestation:Understanding the Entity and Its Environment（including Internal Control）（16% - 20%）

　　A. Determine and Document Materiality

　　B. Conduct and Document Risk Assessment Discussions Among Audit Team,Concurrently with Discussion on Susceptibility of the Entity's Financial Statement to Material Misstatement Due to Fraud

　　C. Consideration of Fraud

　　1. Identify characteristics of fraud

　　2. Document required discussions regarding risk of fraud

　　3. Document inquiries of management about fraud

　　4. Identify and assess risks that may result in material misstatements due to fraud

　　D. Perform and Document Risk Assessment Procedures

　　1. Identify,conduct and document appropriate inquiries of management and others within the entity

　　2. Perform appropriate analytical procedures to understand the entity and identify areas of risk

　　3. Obtain information to support inquiries through observation and inspection（including reading corporate minutes, etc.）

　　E. Consider Additional Aspects of the Entity and its Environment， including：Industry，Regulatory and Other External Factors； Strategies and Business Risks； Financial Performance

　　F. Consider Internal Control

　　1. Perform procedures to assess the control environment,including consideration of the COSO framework and identifying entity-level controls

　　2. Obtain and document an understanding of business processes and information flows

　　3. Determine the effect of information technology on the effectiveness of an entity's internal control

　　4. Perform risk assessment procedures to evaluate the design and implementation of internal controls relevant to an audit of financial statements

　　5. Identify key risks associated with general controls in a financial IT environment,including change management,backup/recovery,and network access（e.g. administrative rights）

　　6. Identify key risks associated with application functionality that supports financial transaction cycles,including:application access control （e.g.administrative access rights）; controls over interfaces,integrations,and e-commerce;significant algorithms,reports,validation,edit checks,error handling,etc.

　　7. Assess whether the entity has designed controls to mitigate key risks associated with general controls or application functionality

　　8. Identify controls relevant to reliable financial reporting and the period-end financial reporting process

　　9. Consider limitations of internal control

　　10. Consider the effects of service organizations on internal control

　　11. Consider the risk of management override of internal controls

　　G. Document an Understanding of the Entity and its Environment,including Each Component of the Entity's Internal Control,in Order to Assess Risks

　　H. Assess and Document the Risk of Material Misstatements

　　1. Identify and document financial statement assertions and formulate audit objectives including significant financial statement balances,classes of transactions,disclosures,and accounting estimates

　　2. Relate the identified risks to relevant assertions and consider whether the risks could result in a material misstatement to the financial statements

　　3. Assess and document the risk of material misstatement that relates to both financial statement level and specific assertions

　　4. Identify and document conditions and events that may indicate risks of material misstatement

　　I. Identify and Document Significant Risks that Require Special Audit Consideration

　　1. Significant recent economic,accounting,or other developments

　　2. Related parties and related party transactions

　　3. Improper revenue recognition

　　4. Nonroutine or complex transactions

　　5. Significant accounting estimates

　　6. Illegal acts