Guide to Using International Standards on Auditing in - IFAC

17.03.2014 Views
56 ong>Guideong> ong>toong> ong>Usingong> ong>Internationalong> ong>Standardsong> on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts Key Elements ong>toong> Address Management’s Philosophy and Operating Style Organizational Structure Assignment of Authority and Responsibility Human Resources Policies and Practices Description Management’s approach ong>toong> taking and managing business risks, and management’s attitudes and actions ong>toong>ward financial reporting, information processing, accounting functions, and personnel. The framework within which an entity’s activities for achieving its objectives are planned, executed, controlled, and reviewed. How authority and responsibility for operating activities are assigned, and how reporting relationships and authorization hierarchies are established. Recruitment, orientation, training, evaluating, counselling, promoting, compensating, and remedial actions. The controls outlined above are pervasive ong>toong> the entire entity and are often more subjective ong>toong> evaluate than the traditional control activities (such as segregation of duties). Therefore, the audiong>toong>r will exercise professional judgment in this evaluation. Control-environment strengths can compensate or even replace weak transactional controls in some situations. However, control-environment weaknesses can undermine and even negate good design in other components of internal control. For example, if a culture of honesty and ethical behavior did not exist, the audiong>toong>r would have ong>toong> consider carefully what types of (additional) audit procedures would be effective in finding material misstatements in the financial statements. In some cases, the audiong>toong>r may conclude that internal control has broken down ong>toong> such an extent that the only option is ong>toong> withdraw from the engagement. The Control Environment in Smaller Entities The control environment within small entities will differ from larger entities, but is just as important. This is particularly true when the entity does not have the staff or resources ong>toong> implement traditional control activities such as segregation of duties. In smaller entities, the active involvement of a competent owner-manager (a control-environment strength) may well reduce the need for other control activities such as segregation of duties. Consequently, control environment strengths can serve ong>toong> indirectly prevent or detect and correct certain types of misstatement. For example, when the owner-manager reviews and approves individual transactions before they are completed, it may serve ong>toong> prevent or detect and correct certain specific errors or fraud. However, this control environment strength would not mitigate other risks such as management override of controls. In smaller entities, there will typically be less documentation available ong>toong> support control environment controls. Consequently, the attitudes, awareness, and actions of management (such as owner-managers) will often form the basis for evaluating control design and implementation. For example, larger entities are likely ong>toong> provide staff with a code of conduct that outlines acceptable behaviors and consequences for violating codes or rules. Smaller entities may communicate similar values and acceptable behaviors through oral communications and by management example. Where there is no supporting documentation for a particular control, the audiong>toong>r would prepare a memorandum for the file. For example, in addressing whether there is communication and enforcement of integrity and ethical values, the audiong>toong>r could:

57 ong>Guideong> ong>toong> ong>Usingong> ong>Internationalong> ong>Standardsong> on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts • Identify the entity’s values, acceptable behaviors, and enforcement actions through discussions with management. The audiong>toong>r would then assess whether they are sufficient ong>toong> address the control design. • Ask one or two employees what they believe are the entity’s values, acceptable behaviors, and enforcement actions. These interviews would address whether management’s values and acceptable behaviors have been communicated and enforced. This would address control implementation. CONSIDER POINT Small entities are often reluctant ong>toong> document internal controls which operate informally. However, there can often be benefits ong>toong> management in taking the time ong>toong> document some of the more important policies and procedures. Such policies and procedures could be provided ong>toong> staff joining the entity, and audit time may be saved versus having ong>toong> make inquiries each period. In the example cited above, even the smallest entity could prepare a simple statement of values and acceptable behaviors that could be provided ong>toong> employees and then referred ong>toong> when an issue arises. In smaller entities, some of the key areas ong>toong> address in assessing the control environment are outlined in the exhibit below. Exhibit 5.3-3 Control Element The Key Question Possible Controls Communication and Enforcement of Integrity and Ethical Values Commitment ong>toong> Competence What management actions serve ong>toong> eliminate or mitigate incentives or temptations that might prompt personnel ong>toong> engage in dishonest, illegal, or unethical acts? Do personnel have the knowledge and skills necessary ong>toong> accomplish their tasks? • Management continually demonstrates, through words and actions, a commitment ong>toong> high ethical standards. • Management removes or reduces incentives or temptations that might cause personnel ong>toong> engage in dishonest or unethical acts. • A code of conduct or equivalent exists that sets out expected standards of ethical and moral behavior. • Employees clearly understand what behavior is acceptable and unacceptable, and know what ong>toong> do when they encounter improper behavior. • Enforcement actions are taken when required. • Management takes the necessary steps ong>toong> ensure that personnel have the requisite knowledge and skills required for their jobs. • Job descriptions exist and are effectively used. • Management provides personnel with access ong>toong> training programs on relevant ong>toong>pics. • Initial and ongoing matching of staff skills ong>toong> their job descriptions.

Page 1 and 2: Guide to</

Page 3 and 4: 3 Guide to


Page 7 and 8: Disclaimer This Guide</stro


Page 11 and 12: 11 Guide t

Page 13 and 14: 13 2. Clarified ISAs In March 2009,



Page 19 and 20: Volume 1 Core Concepts
















Page 51 and 52: 51 5. Internal Control — Purpose


Page 55: 55 Guide t










Page 77 and 78: 77 6. Financial Statement Assertion












Page 101 and 102: 101 Guide







Page 115 and 116: 115 10. Further Audit Procedures Ch















Page 145 and 146: 145 12. Related Parties Chapter Con








Page 161 and 162: 161 14. Going Concern Chapter Conte





Page 171 and 172: 171 15. Summary of Other ISA Requir

















Page 205 and 206: 205 16. Audit Documentation Chapter
















audit

auditor

procedures

statements

controls

relevant

entities

auditing

volume

audits

ifac

www.kacr.cz

Guide to Using International Standards on Auditing in - IFAC

Guide to Using International Standards on Auditing in - IFAC ... View more Guide to Using International Standards on Auditing in - IFAC

Delete template?

Save as template ?

Guide to Using International Standards on Auditing in - IFAC Guide to Using International Standards on Auditing in - IFAC