Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC Guide to Using International Standards on Auditing in - IFAC
130
131
- Page 79 and 80: 79 Guide t
- Page 81 and 82: 81 Guide t
- Page 83 and 84: 83 Guide t
- Page 85 and 86: 85 Guide t
- Page 87 and 88: 87 Guide t
- Page 89 and 90: 89 Guide t
- Page 91 and 92: 91 Guide t
- Page 93 and 94: 93 Guide t
- Page 95 and 96: 95 Guide t
- Page 97 and 98: 97 Guide t
- Page 99 and 100: 99 Guide t
- Page 101 and 102: 101 Guide
- Page 103 and 104: 103 Guide
- Page 105 and 106: 105 Guide
- Page 107 and 108: 107 Guide
- Page 109 and 110: 109 Guide
- Page 111 and 112: 111 Guide
- Page 113 and 114: 113 Guide
- Page 115 and 116: 115 10. Further Audit Procedures Ch
- Page 117 and 118: 117 Guide
- Page 119 and 120: 119 Guide
- Page 121 and 122: 121 Guide
- Page 123 and 124: 123 Guide
- Page 125 and 126: 125 Guide
- Page 127 and 128: 127 Guide
- Page 129: 129 Guide
- Page 133 and 134: 133 Guide
- Page 135 and 136: 135 Guide
- Page 137 and 138: 137 Guide
- Page 139 and 140: 139 Guide
- Page 141 and 142: 141 Guide
- Page 143 and 144: 143 Guide
- Page 145 and 146: 145 12. Related Parties Chapter Con
- Page 147 and 148: 147 Guide
- Page 149 and 150: 149 Guide
- Page 151 and 152: 151 Guide
- Page 153 and 154: 153 Guide
- Page 155 and 156: 155 Guide
- Page 157 and 158: 157 Guide
- Page 159 and 160: 159 Guide
- Page 161 and 162: 161 14. Going Concern Chapter Conte
- Page 163 and 164: 163 Guide
- Page 165 and 166: 165 Guide
- Page 167 and 168: 167 Guide
- Page 169 and 170: 169 Guide
- Page 171 and 172: 171 15. Summary of Other ISA Requir
- Page 173 and 174: 173 Guide
- Page 175 and 176: 175 Guide
- Page 177 and 178: 177 Guide
- Page 179 and 180: 179 Guide
131<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> <str<strong>on</strong>g>to</str<strong>on</strong>g> <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> <str<strong>on</strong>g>Internati<strong>on</strong>al</str<strong>on</strong>g> <str<strong>on</strong>g>Standards</str<strong>on</strong>g> <strong>on</strong> <strong>Audit<strong>in</strong>g</strong> <strong>in</strong> the Audits of Small- and Medium-Sized Entities Volume 1—Core C<strong>on</strong>cepts<br />
Address<br />
Reliability of the<br />
C<strong>on</strong>trols<br />
Existence of<br />
Indirect C<strong>on</strong>trols<br />
Nature of Test<br />
<str<strong>on</strong>g>to</str<strong>on</strong>g> Meet Objectives<br />
Descripti<strong>on</strong><br />
As a general rule, it is not worth test<strong>in</strong>g c<strong>on</strong>trols that may prove <str<strong>on</strong>g>to</str<strong>on</strong>g> be unreliable,<br />
because the small sample sizes comm<strong>on</strong>ly used for test<strong>in</strong>g c<strong>on</strong>trols are based <strong>on</strong> no<br />
deviati<strong>on</strong>s be<strong>in</strong>g found. If any of the follow<strong>in</strong>g fac<str<strong>on</strong>g>to</str<strong>on</strong>g>rs are significant, it may be more<br />
effective <str<strong>on</strong>g>to</str<strong>on</strong>g> perform substantive procedures (if possible):<br />
• His<str<strong>on</strong>g>to</str<strong>on</strong>g>ry of errors.<br />
• Changes <strong>in</strong> the volume or nature of transacti<strong>on</strong>s.<br />
• The underly<strong>in</strong>g entity-level and general IT c<strong>on</strong>trols are weak.<br />
• C<strong>on</strong>trols can be (or have been) circumvented by management.<br />
• Infrequent operati<strong>on</strong> of the c<strong>on</strong>trol.<br />
• Changes <strong>in</strong> pers<strong>on</strong>nel or competence of people perform<strong>in</strong>g the c<strong>on</strong>trol.<br />
• There is a significant manual element <strong>in</strong> the c<strong>on</strong>trol that could be pr<strong>on</strong>e <str<strong>on</strong>g>to</str<strong>on</strong>g> error.<br />
• Complex operati<strong>on</strong>, and major judgments <strong>in</strong>volved with its operati<strong>on</strong>.<br />
Does c<strong>on</strong>trol depend <strong>on</strong> effective operati<strong>on</strong> of other c<strong>on</strong>trols?<br />
This could <strong>in</strong>clude n<strong>on</strong>-f<strong>in</strong>ancial <strong>in</strong>formati<strong>on</strong> produced by a separate process, the<br />
treatment of excepti<strong>on</strong>s, and periodic reviews of reports by managers.<br />
Tests of c<strong>on</strong>trols usually <strong>in</strong>volve a comb<strong>in</strong>ati<strong>on</strong> of the follow<strong>in</strong>g:<br />
• Inquiries of appropriate pers<strong>on</strong>nel;<br />
• Inspecti<strong>on</strong> of relevant documentati<strong>on</strong>;<br />
• Observati<strong>on</strong> of the company’s operati<strong>on</strong>s; and<br />
• Re-performance of the applicati<strong>on</strong> of the c<strong>on</strong>trol.<br />
Note that <strong>in</strong>quiry al<strong>on</strong>e would not be sufficient evidence <str<strong>on</strong>g>to</str<strong>on</strong>g> support a c<strong>on</strong>clusi<strong>on</strong><br />
about the effectiveness of a c<strong>on</strong>trol. For example, <str<strong>on</strong>g>to</str<strong>on</strong>g> test the operat<strong>in</strong>g effectiveness<br />
of <strong>in</strong>ternal c<strong>on</strong>trol over cash receipts, the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r might observe the procedures for<br />
open<strong>in</strong>g the mail and process<strong>in</strong>g cash receipts. Because an observati<strong>on</strong> is pert<strong>in</strong>ent<br />
<strong>on</strong>ly at the po<strong>in</strong>t <strong>in</strong> time at which it is made, the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r would supplement the<br />
observati<strong>on</strong> with <strong>in</strong>quiries of entity pers<strong>on</strong>nel and <strong>in</strong>specti<strong>on</strong> of documentati<strong>on</strong><br />
about the operati<strong>on</strong> of such <strong>in</strong>ternal c<strong>on</strong>trol at other times.<br />
CONSIDER POINT<br />
Determ<strong>in</strong>e what c<strong>on</strong>stitutes a c<strong>on</strong>trol deviati<strong>on</strong>.<br />
When design<strong>in</strong>g a test of c<strong>on</strong>trol, spend time <str<strong>on</strong>g>to</str<strong>on</strong>g> def<strong>in</strong>e exactly what c<strong>on</strong>stitutes an error or excepti<strong>on</strong><br />
<str<strong>on</strong>g>to</str<strong>on</strong>g> the test. This will save time spent by audit staff <strong>in</strong> determ<strong>in</strong><strong>in</strong>g whether a seem<strong>in</strong>gly m<strong>in</strong>or excepti<strong>on</strong><br />
(such as an <strong>in</strong>correct teleph<strong>on</strong>e number) is, <strong>in</strong> fact, a c<strong>on</strong>trol deviati<strong>on</strong>.<br />
Au<str<strong>on</strong>g>to</str<strong>on</strong>g>mated C<strong>on</strong>trols<br />
There may be some <strong>in</strong>stances where c<strong>on</strong>trol activities are performed by a computer and support<strong>in</strong>g<br />
documentati<strong>on</strong> does not exist. In these situati<strong>on</strong>s, the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r may have <str<strong>on</strong>g>to</str<strong>on</strong>g> re-perform some c<strong>on</strong>trols <str<strong>on</strong>g>to</str<strong>on</strong>g><br />
ensure the software applicati<strong>on</strong> c<strong>on</strong>trols are work<strong>in</strong>g as designed. Another approach is <str<strong>on</strong>g>to</str<strong>on</strong>g> use Computer-<br />
Assisted Audit Techniques (CAATs). One example of a CAAT is a software package that can import an entity’s