Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
47<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> <str<strong>on</strong>g>to</str<strong>on</strong>g> <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> <str<strong>on</strong>g>Internati<strong>on</strong>al</str<strong>on</strong>g> <str<strong>on</strong>g>Standards</str<strong>on</strong>g> <strong>on</strong> <strong>Audit<strong>in</strong>g</strong> <strong>in</strong> the Audits of Small- and Medium-Sized Entities Volume 1—Core C<strong>on</strong>cepts<br />
4.6 C<strong>on</strong>trol Activities<br />
C<strong>on</strong>trol activities are designed <str<strong>on</strong>g>to</str<strong>on</strong>g> ensure compliance with the firm’s established policies and procedures.<br />
One possible way <str<strong>on</strong>g>to</str<strong>on</strong>g> design, implement, and m<strong>on</strong>i<str<strong>on</strong>g>to</str<strong>on</strong>g>r quality c<strong>on</strong>trol is <str<strong>on</strong>g>to</str<strong>on</strong>g> follow the PDCA (plan-do-check-act) process.<br />
Each of the elements is described below.<br />
Exhibit 4.6-1<br />
Step<br />
PLAN<br />
DO<br />
CHECK<br />
ACT<br />
Descripti<strong>on</strong><br />
Establish the objectives and quality c<strong>on</strong>trol processes necessary <str<strong>on</strong>g>to</str<strong>on</strong>g> deliver the<br />
required outputs.<br />
Implement the new processes, often <strong>on</strong> a small scale if possible.<br />
Measure the new processes, and compare the results aga<strong>in</strong>st the expected results <str<strong>on</strong>g>to</str<strong>on</strong>g><br />
ascerta<strong>in</strong> any differences.<br />
Analyze the differences <str<strong>on</strong>g>to</str<strong>on</strong>g> determ<strong>in</strong>e their cause. Each will be part of either <strong>on</strong>e<br />
or more of the P-D-C-A steps. Determ<strong>in</strong>e where <str<strong>on</strong>g>to</str<strong>on</strong>g> apply changes that <strong>in</strong>clude<br />
improvement.<br />
For example, a firm objective may be not <str<strong>on</strong>g>to</str<strong>on</strong>g> release the audit report until all queries and outstand<strong>in</strong>g items<br />
have been cleared. The required policy is that the f<strong>in</strong>al engagement report may not be released, filed, or<br />
otherwise distributed until certa<strong>in</strong> specified approvals have been obta<strong>in</strong>ed. Implementati<strong>on</strong> of the policy<br />
could be c<strong>on</strong>trolled through a f<strong>in</strong>al release process where<strong>in</strong> a pers<strong>on</strong> verifies that all approvals have <strong>in</strong> fact<br />
been obta<strong>in</strong>ed and documented. The effectiveness of the policy could be checked by periodic <strong>in</strong>specti<strong>on</strong>s of<br />
the approval sign-offs. If deviati<strong>on</strong>s are identified, the reas<strong>on</strong>s would be <strong>in</strong>vestigated, and appropriate acti<strong>on</strong><br />
such as discipl<strong>in</strong>e, tra<strong>in</strong><strong>in</strong>g, or changes <strong>in</strong> the policy would be c<strong>on</strong>sidered.<br />
C<strong>on</strong>trol activities <str<strong>on</strong>g>to</str<strong>on</strong>g> address all policies and procedures would not be possible or cost-effective. Firms should<br />
use professi<strong>on</strong>al judgment and their assessment of risk <str<strong>on</strong>g>to</str<strong>on</strong>g> determ<strong>in</strong>e what c<strong>on</strong>trols need <str<strong>on</strong>g>to</str<strong>on</strong>g> be implemented.<br />
C<strong>on</strong>trol activities could be c<strong>on</strong>sidered for:<br />
• All the policies and procedures documented <strong>in</strong> the firm’s quality c<strong>on</strong>trol manual;<br />
• Office workflow policies;<br />
• Operati<strong>on</strong>al policies and procedures; and<br />
• Other pers<strong>on</strong>nel-related policies and procedures.<br />
The scope for c<strong>on</strong>trol-activity design would address all the quality c<strong>on</strong>trol, ethical, and <strong>in</strong>dependence<br />
requirements and the firm’s compliance with ISAs relevant <str<strong>on</strong>g>to</str<strong>on</strong>g> the audit.