Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
129<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> <str<strong>on</strong>g>to</str<strong>on</strong>g> <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> <str<strong>on</strong>g>Internati<strong>on</strong>al</str<strong>on</strong>g> <str<strong>on</strong>g>Standards</str<strong>on</strong>g> <strong>on</strong> <strong>Audit<strong>in</strong>g</strong> <strong>in</strong> the Audits of Small- and Medium-Sized Entities Volume 1—Core C<strong>on</strong>cepts<br />
Design<strong>in</strong>g Tests of C<strong>on</strong>trols<br />
Tests of c<strong>on</strong>trols are used <str<strong>on</strong>g>to</str<strong>on</strong>g> ga<strong>in</strong> evidence about the operat<strong>in</strong>g effectiveness of c<strong>on</strong>trols <strong>in</strong>cluded <strong>in</strong> any of<br />
the five elements of <strong>in</strong>ternal c<strong>on</strong>trol. See the illustrati<strong>on</strong> below and Volume 1, Chapter 5 of this <str<strong>on</strong>g>Guide</str<strong>on</strong>g> for<br />
additi<strong>on</strong>al <strong>in</strong>formati<strong>on</strong> <strong>on</strong> each of the five <strong>in</strong>ternal c<strong>on</strong>trol elements.<br />
Exhibit 10.5-1<br />
Significant F/S Accounts & Disclosures<br />
Pervasive<br />
C<strong>on</strong>trols<br />
C<strong>on</strong>trol<br />
Envir<strong>on</strong>ment<br />
M<strong>on</strong>i<str<strong>on</strong>g>to</str<strong>on</strong>g>r<strong>in</strong>g<br />
Risk<br />
Assessment<br />
Entity Level C<strong>on</strong>trols<br />
General IT c<strong>on</strong>trols<br />
Includes c<strong>on</strong>trols over:<br />
Fraud (management<br />
override)<br />
Centralized process<strong>in</strong>g<br />
Period-end f<strong>in</strong>ancial<br />
report<strong>in</strong>g process<br />
Specific<br />
C<strong>on</strong>trols<br />
C<strong>on</strong>trol<br />
Activities<br />
Informati<strong>on</strong><br />
System<br />
Transacti<strong>on</strong>al<br />
C<strong>on</strong>trols<br />
IT applicati<strong>on</strong><br />
c<strong>on</strong>trols<br />
Transacti<strong>on</strong>s<br />
Specific c<strong>on</strong>trols (such as c<strong>on</strong>trol activities) directly address the preventi<strong>on</strong> or detecti<strong>on</strong> and correcti<strong>on</strong> of<br />
misstatements, whereas pervasive c<strong>on</strong>trols provide the foundati<strong>on</strong> for the specific c<strong>on</strong>trols and <strong>in</strong>fluence<br />
their operati<strong>on</strong>.<br />
In smaller entities, some pervasive c<strong>on</strong>trols (such as the c<strong>on</strong>trol envir<strong>on</strong>ment) may also serve <str<strong>on</strong>g>to</str<strong>on</strong>g> address<br />
specific risks of misstatement for a relevant asserti<strong>on</strong> (e.g., where senior management is directly <strong>in</strong>volved <strong>in</strong><br />
supervis<strong>in</strong>g and approv<strong>in</strong>g day-<str<strong>on</strong>g>to</str<strong>on</strong>g>-day transacti<strong>on</strong>s). In this case, if the pervasive c<strong>on</strong>trols were tested and<br />
found <str<strong>on</strong>g>to</str<strong>on</strong>g> operate effectively, there would be no need <str<strong>on</strong>g>to</str<strong>on</strong>g> test other c<strong>on</strong>trols (such as c<strong>on</strong>trol activities) related<br />
<str<strong>on</strong>g>to</str<strong>on</strong>g> the particular risks <strong>in</strong>volved.<br />
CONSIDER POINT<br />
Dom<strong>in</strong>ati<strong>on</strong> of management by a s<strong>in</strong>gle <strong>in</strong>dividual does not mean that <strong>in</strong>ternal c<strong>on</strong>trol is weak or does<br />
not exist. In fact, the <strong>in</strong>volvement of a competent owner-manager <strong>in</strong> the detailed day-<str<strong>on</strong>g>to</str<strong>on</strong>g>-day operati<strong>on</strong>s<br />
would be an important c<strong>on</strong>trol-envir<strong>on</strong>ment strength. The opportunity for management override<br />
of <strong>in</strong>ternal c<strong>on</strong>trol still exists, but can be reduced <str<strong>on</strong>g>to</str<strong>on</strong>g> some extent (<strong>in</strong> virtually any size of entity) by<br />
implement<strong>in</strong>g some simple anti-fraud c<strong>on</strong>trols. (See Volume 1, Chapter 5.)