Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC Guide to Using International Standards on Auditing in - IFAC
52
53
- Page 1 and 2: Guide to</
- Page 3 and 4: 3 Guide to
- Page 5 and 6: 5 Guide to
- Page 7 and 8: Disclaimer This Guide</stro
- Page 9 and 10: 9 Guide to
- Page 11 and 12: 11 Guide t
- Page 13 and 14: 13 2. Clarified ISAs In March 2009,
- Page 15 and 16: 15 Guide t
- Page 17 and 18: 17 Guide t
- Page 19 and 20: Volume 1 Core Concepts
- Page 21 and 22: 21 Guide t
- Page 23 and 24: 23 Guide t
- Page 25 and 26: 25 Guide t
- Page 27 and 28: 27 Guide t
- Page 29 and 30: 29 Guide t
- Page 31 and 32: 31 Guide t
- Page 33 and 34: 33 Guide t
- Page 35 and 36: 35 Guide t
- Page 37 and 38: 37 Guide t
- Page 39 and 40: 39 Guide t
- Page 41 and 42: 41 Guide t
- Page 43 and 44: 43 Guide t
- Page 45 and 46: 45 Guide t
- Page 47 and 48: 47 Guide t
- Page 49 and 50: 49 Guide t
- Page 51: 51 5. Internal Control — Purpose
- Page 55 and 56: 55 Guide t
- Page 57 and 58: 57 Guide t
- Page 59 and 60: 59 Guide t
- Page 61 and 62: 61 Guide t
- Page 63 and 64: 63 Guide t
- Page 65 and 66: 65 Guide t
- Page 67 and 68: 67 Guide t
- Page 69 and 70: 69 Guide t
- Page 71 and 72: 71 Guide t
- Page 73 and 74: 73 Guide t
- Page 75 and 76: 75 Guide t
- Page 77 and 78: 77 6. Financial Statement Assertion
- Page 79 and 80: 79 Guide t
- Page 81 and 82: 81 Guide t
- Page 83 and 84: 83 Guide t
- Page 85 and 86: 85 Guide t
- Page 87 and 88: 87 Guide t
- Page 89 and 90: 89 Guide t
- Page 91 and 92: 91 Guide t
- Page 93 and 94: 93 Guide t
- Page 95 and 96: 95 Guide t
- Page 97 and 98: 97 Guide t
- Page 99 and 100: 99 Guide t
- Page 101 and 102: 101 Guide
52<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> <str<strong>on</strong>g>to</str<strong>on</strong>g> <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> <str<strong>on</strong>g>Internati<strong>on</strong>al</str<strong>on</strong>g> <str<strong>on</strong>g>Standards</str<strong>on</strong>g> <strong>on</strong> <strong>Audit<strong>in</strong>g</strong> <strong>in</strong> the Audits of Small- and Medium-Sized Entities Volume 1—Core C<strong>on</strong>cepts<br />
Paragraph #<br />
315.4(c)<br />
Relevant Extracts from ISAs<br />
Internal c<strong>on</strong>trol—The process designed, implemented and ma<strong>in</strong>ta<strong>in</strong>ed by those charged<br />
with governance, management and other pers<strong>on</strong>nel <str<strong>on</strong>g>to</str<strong>on</strong>g> provide reas<strong>on</strong>able assurance about<br />
the achievement of an entity’s objectives with regard <str<strong>on</strong>g>to</str<strong>on</strong>g> reliability of f<strong>in</strong>ancial report<strong>in</strong>g,<br />
effectiveness and efficiency of operati<strong>on</strong>s, and compliance with applicable laws and<br />
regulati<strong>on</strong>s. The term “c<strong>on</strong>trols” refers <str<strong>on</strong>g>to</str<strong>on</strong>g> any aspects of <strong>on</strong>e or more of the comp<strong>on</strong>ents of<br />
<strong>in</strong>ternal c<strong>on</strong>trol.<br />
315.12 The audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r shall obta<strong>in</strong> an understand<strong>in</strong>g of <strong>in</strong>ternal c<strong>on</strong>trol relevant <str<strong>on</strong>g>to</str<strong>on</strong>g> the audit. Although<br />
most c<strong>on</strong>trols relevant <str<strong>on</strong>g>to</str<strong>on</strong>g> the audit are likely <str<strong>on</strong>g>to</str<strong>on</strong>g> relate <str<strong>on</strong>g>to</str<strong>on</strong>g> f<strong>in</strong>ancial report<strong>in</strong>g, not all c<strong>on</strong>trols that<br />
relate <str<strong>on</strong>g>to</str<strong>on</strong>g> f<strong>in</strong>ancial report<strong>in</strong>g are relevant <str<strong>on</strong>g>to</str<strong>on</strong>g> the audit. It is a matter of the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r’s professi<strong>on</strong>al<br />
judgment whether a c<strong>on</strong>trol, <strong>in</strong>dividually or <strong>in</strong> comb<strong>in</strong>ati<strong>on</strong> with others, is relevant <str<strong>on</strong>g>to</str<strong>on</strong>g> the<br />
audit. (Ref: Para. A42-A65)<br />
315.13 When obta<strong>in</strong><strong>in</strong>g an understand<strong>in</strong>g of c<strong>on</strong>trols that are relevant <str<strong>on</strong>g>to</str<strong>on</strong>g> the audit, the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r shall<br />
evaluate the design of those c<strong>on</strong>trols and determ<strong>in</strong>e whether they have been implemented, by<br />
perform<strong>in</strong>g procedures <strong>in</strong> additi<strong>on</strong> <str<strong>on</strong>g>to</str<strong>on</strong>g> <strong>in</strong>quiry of the entity’s pers<strong>on</strong>nel. (Ref: Para. A66-A68)<br />
5.1 Overview<br />
Internal c<strong>on</strong>trol is designed, implemented, and ma<strong>in</strong>ta<strong>in</strong>ed by those charged with governance and<br />
management of other pers<strong>on</strong>nel <str<strong>on</strong>g>to</str<strong>on</strong>g> address identified bus<strong>in</strong>ess and fraud risks that threaten the achievement<br />
of stated objectives, such as the reliability of f<strong>in</strong>ancial report<strong>in</strong>g.<br />
Note: A c<strong>on</strong>trol is always designed <str<strong>on</strong>g>to</str<strong>on</strong>g> resp<strong>on</strong>d (mitigate) <str<strong>on</strong>g>to</str<strong>on</strong>g> a possible risk. A c<strong>on</strong>trol that does not address a<br />
risk is obviously redundant.<br />
The first step <strong>in</strong> evaluat<strong>in</strong>g c<strong>on</strong>trol design is <str<strong>on</strong>g>to</str<strong>on</strong>g> identify the risks that require mitigati<strong>on</strong> by c<strong>on</strong>trol. The sec<strong>on</strong>d<br />
step is then <str<strong>on</strong>g>to</str<strong>on</strong>g> identify what c<strong>on</strong>trols are <strong>in</strong> place <str<strong>on</strong>g>to</str<strong>on</strong>g> address those risks.<br />
5.2 Internal C<strong>on</strong>trol Objectives<br />
Internal c<strong>on</strong>trol is management’s resp<strong>on</strong>se <strong>in</strong>tended <str<strong>on</strong>g>to</str<strong>on</strong>g> mitigate an identified risk fac<str<strong>on</strong>g>to</str<strong>on</strong>g>r or achieve a c<strong>on</strong>trol<br />
objective. There is a direct relati<strong>on</strong>ship between an entity’s objectives and the <strong>in</strong>ternal c<strong>on</strong>trol it implements<br />
<str<strong>on</strong>g>to</str<strong>on</strong>g> ensure their achievement. Once objectives are set, it is possible <str<strong>on</strong>g>to</str<strong>on</strong>g> identify and assess potential events<br />
(risks) that would prevent the achievement of the objectives. Based <strong>on</strong> this <strong>in</strong>formati<strong>on</strong>, management can<br />
develop appropriate resp<strong>on</strong>ses, which will <strong>in</strong>clude the design of <strong>in</strong>ternal c<strong>on</strong>trol.<br />
Internal c<strong>on</strong>trol objectives can be broadly grouped <strong>in</strong><str<strong>on</strong>g>to</str<strong>on</strong>g> four categories:<br />
• Strategic, high-level goals that support the missi<strong>on</strong> of the entity;<br />
• F<strong>in</strong>ancial report<strong>in</strong>g (<strong>in</strong>ternal c<strong>on</strong>trol over f<strong>in</strong>ancial report<strong>in</strong>g);<br />
• Operati<strong>on</strong>s (operati<strong>on</strong>al c<strong>on</strong>trols); and<br />
• Compliance with laws and regulati<strong>on</strong>s.<br />
Internal c<strong>on</strong>trol relevant <str<strong>on</strong>g>to</str<strong>on</strong>g> an audit primarily perta<strong>in</strong>s <str<strong>on</strong>g>to</str<strong>on</strong>g> f<strong>in</strong>ancial report<strong>in</strong>g. This addresses the entity’s<br />
objective of prepar<strong>in</strong>g f<strong>in</strong>ancial statements for external purposes.<br />
Operati<strong>on</strong>al c<strong>on</strong>trols, such as producti<strong>on</strong> and staff schedul<strong>in</strong>g, quality c<strong>on</strong>trol, and employee compliance with<br />
health and safety requirements, would not normally be relevant <str<strong>on</strong>g>to</str<strong>on</strong>g> the audit, except where: