Guide to Using International Standards on Auditing in - IFAC

More documents

Recommendations

Info

128 <strong>Guide</strong> <strong>to</strong> <strong>Using</strong> <strong>International</strong> <strong>Standards</strong> on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts Purpose Tests of controls are tests designed <strong>to</strong> obtain audit evidence about the operating effectiveness of controls. Controls can prevent material misstatements at the assertion level from occurring al<strong>to</strong>gether, or detect and then correct them after they have occurred. The controls selected for testing would be those that provide necessary audit evidence for a relevant assertion. CONSIDER POINT A walk-through procedure <strong>to</strong> determine whether a control has been implemented is not a test of controls. It is a risk assessment procedure, the results of which may determine whether tests of controls would be useful, and if so, how they would be designed. Tests of controls are considered by the audi<strong>to</strong>r when: • The risk assessment is based on an expectation that internal control operates effectively; or • Substantive procedures alone will not provide sufficient appropriate audit evidence at the assertion level. This might apply where sales are made over the Internet and no documentation of transactions is produced or maintained, other than through the IT system. Selecting sample sizes for tests of controls is addressed in Volume 2, Chapter 17 on the extent of testing. Tests of controls are designed <strong>to</strong> obtain audit evidence about: • How internal control procedures were applied throughout, or at relevant times during, the period under audit. If substantially different controls were used at different times during the period, each control system should be considered separately; • The consistency with which internal control procedures were applied; and • By whom or by what means controls were applied. CONSIDER POINT When auditing smaller entities, audi<strong>to</strong>rs often plan <strong>to</strong> perform substantive procedures, on the assumption that tests of existing control activities would not be practical due <strong>to</strong> limited segregation of duties, etc. Before jumping <strong>to</strong> that conclusion, consider: • The strength of the control environment and other elements of internal control; • Existence of control activities over assertions where it would be more efficient <strong>to</strong> gain evidence through tests of controls; and • Assertions where substantive procedures alone will not reduce the risks of material misstatement <strong>to</strong> an acceptably low level. For instance, this may be the case for the completeness of revenues.
129 <strong>Guide</strong> <strong>to</strong> <strong>Using</strong> <strong>International</strong> <strong>Standards</strong> on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts Designing Tests of Controls Tests of controls are used <strong>to</strong> gain evidence about the operating effectiveness of controls included in any of the five elements of internal control. See the illustration below and Volume 1, Chapter 5 of this <strong>Guide</strong> for additional information on each of the five internal control elements. Exhibit 10.5-1 Significant F/S Accounts & Disclosures Pervasive Controls Control Environment Moni<strong>to</strong>ring Risk Assessment Entity Level Controls General IT controls Includes controls over: Fraud (management override) Centralized processing Period-end financial reporting process Specific Controls Control Activities Information System Transactional Controls IT application controls Transactions Specific controls (such as control activities) directly address the prevention or detection and correction of misstatements, whereas pervasive controls provide the foundation for the specific controls and influence their operation. In smaller entities, some pervasive controls (such as the control environment) may also serve <strong>to</strong> address specific risks of misstatement for a relevant assertion (e.g., where senior management is directly involved in supervising and approving day-<strong>to</strong>-day transactions). In this case, if the pervasive controls were tested and found <strong>to</strong> operate effectively, there would be no need <strong>to</strong> test other controls (such as control activities) related <strong>to</strong> the particular risks involved. CONSIDER POINT Domination of management by a single individual does not mean that internal control is weak or does not exist. In fact, the involvement of a competent owner-manager in the detailed day-<strong>to</strong>-day operations would be an important control-environment strength. The opportunity for management override of internal control still exists, but can be reduced <strong>to</strong> some extent (in virtually any size of entity) by implementing some simple anti-fraud controls. (See Volume 1, Chapter 5.)
Page 1 and 2:
Guide to</
Page 3 and 4:
3 Guide to
Page 5 and 6:
5 Guide to
Page 7 and 8:
Disclaimer This Guide</stro
Page 9 and 10:
9 Guide to
Page 11 and 12:
11 Guide t
Page 13 and 14:
13 2. Clarified ISAs In March 2009,
Page 15 and 16:
15 Guide t
Page 17 and 18:
17 Guide t
Page 19 and 20:
Volume 1 Core Concepts
Page 21 and 22:
21 Guide t
Page 23 and 24:
23 Guide t
Page 25 and 26:
25 Guide t
Page 27 and 28:
27 Guide t
Page 29 and 30:
29 Guide t
Page 31 and 32:
31 Guide t
Page 33 and 34:
33 Guide t
Page 35 and 36:
35 Guide t
Page 37 and 38:
37 Guide t
Page 39 and 40:
39 Guide t
Page 41 and 42:
41 Guide t
Page 43 and 44:
43 Guide t
Page 45 and 46:
45 Guide t
Page 47 and 48:
47 Guide t
Page 49 and 50:
49 Guide t
Page 51 and 52:
51 5. Internal Control — Purpose
Page 53 and 54:
53 Guide t
Page 55 and 56:
55 Guide t
Page 57 and 58:
57 Guide t
Page 59 and 60:
59 Guide t
Page 61 and 62:
61 Guide t
Page 63 and 64:
63 Guide t
Page 65 and 66:
65 Guide t
Page 67 and 68:
67 Guide t
Page 69 and 70:
69 Guide t
Page 71 and 72:
71 Guide t
Page 73 and 74:
73 Guide t
Page 75 and 76:
75 Guide t
Page 77 and 78: 77 6. Financial Statement Assertion
Page 79 and 80: 79 Guide t
Page 101 and 102: 101 Guide
Page 115 and 116: 115 10. Further Audit Procedures Ch
Page 127: 127 Guide
Page 145 and 146: 145 12. Related Parties Chapter Con
Page 161 and 162: 161 14. Going Concern Chapter Conte
Page 171 and 172: 171 15. Summary of Other ISA Requir
Page 179 and 180:
179 Guide
Page 181 and 182:
181 Guide
Page 183 and 184:
183 Guide
Page 185 and 186:
185 Guide
Page 187 and 188:
187 Guide
Page 189 and 190:
189 Guide
Page 191 and 192:
191 Guide
Page 193 and 194:
193 Guide
Page 195 and 196:
195 Guide
Page 197 and 198:
197 Guide
Page 199 and 200:
199 Guide
Page 201 and 202:
201 Guide
Page 203 and 204:
203 Guide
Page 205 and 206:
205 16. Audit Documentation Chapter
Page 207 and 208:
207 Guide
Page 209 and 210:
209 Guide
Page 211 and 212:
211 Guide
Page 213 and 214:
213 Guide
Page 215 and 216:
215 Guide
Page 217 and 218:
217 Guide
Page 219 and 220:
219 Guide
Page 221 and 222:
221 Guide
Page 223 and 224:
223 Guide
Page 225 and 226:
225 Guide
Page 227 and 228:
227 Guide
Page 229 and 230:
229 Guide
Page 231 and 232:
231 Guide
Page 233 and 234:
233 Guide
Page 235 and 236:
235 Guide
show all

Guide to Using International Standards on Auditing in - IFAC

Create successful ePaper yourself

Delete template?

Save as template?