Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
24<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> <str<strong>on</strong>g>to</str<strong>on</strong>g> <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> <str<strong>on</strong>g>Internati<strong>on</strong>al</str<strong>on</strong>g> <str<strong>on</strong>g>Standards</str<strong>on</strong>g> <strong>on</strong> <strong>Audit<strong>in</strong>g</strong> <strong>in</strong> the Audits of Small- and Medium-Sized Entities Volume 1—Core C<strong>on</strong>cepts<br />
Audit Risk Comp<strong>on</strong>ents<br />
The major comp<strong>on</strong>ents of audit risk are described <strong>in</strong> the exhibit below.<br />
Exhibit 3.2-2<br />
Nature Descripti<strong>on</strong> Commentary<br />
Inherent Risk The susceptibility of an asserti<strong>on</strong> about a<br />
class of transacti<strong>on</strong>, account balance, or<br />
disclosure <str<strong>on</strong>g>to</str<strong>on</strong>g> a misstatement that could<br />
be material, either <strong>in</strong>dividually or when<br />
aggregated with other misstatements,<br />
before c<strong>on</strong>siderati<strong>on</strong> of any related<br />
c<strong>on</strong>trols.<br />
This <strong>in</strong>cludes events or c<strong>on</strong>diti<strong>on</strong>s<br />
(<strong>in</strong>ternal or external) that could result<br />
<strong>in</strong> a misstatement (error or fraud) <strong>in</strong> the<br />
f<strong>in</strong>ancial statements. The sources of risk<br />
(often categorized as bus<strong>in</strong>ess or fraud<br />
risks) can arise from the entity’s objectives,<br />
the nature of its operati<strong>on</strong>s/<strong>in</strong>dustry,<br />
the regula<str<strong>on</strong>g>to</str<strong>on</strong>g>ry envir<strong>on</strong>ment <strong>in</strong> which it<br />
operates, and its size and complexity.<br />
C<strong>on</strong>trol Risk<br />
The risk that a misstatement that could<br />
occur <strong>in</strong> an asserti<strong>on</strong> about a class<br />
of transacti<strong>on</strong>, account balance, or<br />
disclosure and that could be material,<br />
either <strong>in</strong>dividually or when aggregated<br />
with other misstatements, will not be<br />
prevented, or detected and corrected,<br />
<strong>on</strong> a timely basis by the entity’s <strong>in</strong>ternal<br />
c<strong>on</strong>trol.<br />
Management designs c<strong>on</strong>trols <str<strong>on</strong>g>to</str<strong>on</strong>g><br />
mitigate a specified <strong>in</strong>herent (bus<strong>in</strong>ess<br />
or fraud risk) fac<str<strong>on</strong>g>to</str<strong>on</strong>g>r. An entity assesses its<br />
risks (risk assessment) and then designs<br />
and implements appropriate c<strong>on</strong>trols<br />
<str<strong>on</strong>g>to</str<strong>on</strong>g> reduce its risk exposure <str<strong>on</strong>g>to</str<strong>on</strong>g> a <str<strong>on</strong>g>to</str<strong>on</strong>g>lerable<br />
(acceptable) level.<br />
C<strong>on</strong>trols may be:<br />
• Pervasive <strong>in</strong> nature, such as<br />
management’s attitude <str<strong>on</strong>g>to</str<strong>on</strong>g>ward<br />
c<strong>on</strong>trol, commitment <str<strong>on</strong>g>to</str<strong>on</strong>g> hir<strong>in</strong>g<br />
competent people, and preventi<strong>on</strong><br />
of fraud. These are generally called<br />
entity-level c<strong>on</strong>trols; and<br />
• Specific <str<strong>on</strong>g>to</str<strong>on</strong>g> the <strong>in</strong>itiati<strong>on</strong>, process<strong>in</strong>g,<br />
or record<strong>in</strong>g of a particular<br />
transacti<strong>on</strong>. These are often called<br />
bus<strong>in</strong>ess process, activity-level, or<br />
transacti<strong>on</strong> c<strong>on</strong>trols.