Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC Guide to Using International Standards on Auditing in - IFAC
56
57
- Page 5 and 6: 5 Guide to
- Page 7 and 8: Disclaimer This Guide</stro
- Page 9 and 10: 9 Guide to
- Page 11 and 12: 11 Guide t
- Page 13 and 14: 13 2. Clarified ISAs In March 2009,
- Page 15 and 16: 15 Guide t
- Page 17 and 18: 17 Guide t
- Page 19 and 20: Volume 1 Core Concepts
- Page 21 and 22: 21 Guide t
- Page 23 and 24: 23 Guide t
- Page 25 and 26: 25 Guide t
- Page 27 and 28: 27 Guide t
- Page 29 and 30: 29 Guide t
- Page 31 and 32: 31 Guide t
- Page 33 and 34: 33 Guide t
- Page 35 and 36: 35 Guide t
- Page 37 and 38: 37 Guide t
- Page 39 and 40: 39 Guide t
- Page 41 and 42: 41 Guide t
- Page 43 and 44: 43 Guide t
- Page 45 and 46: 45 Guide t
- Page 47 and 48: 47 Guide t
- Page 49 and 50: 49 Guide t
- Page 51 and 52: 51 5. Internal Control — Purpose
- Page 53 and 54: 53 Guide t
- Page 55: 55 Guide t
- Page 59 and 60: 59 Guide t
- Page 61 and 62: 61 Guide t
- Page 63 and 64: 63 Guide t
- Page 65 and 66: 65 Guide t
- Page 67 and 68: 67 Guide t
- Page 69 and 70: 69 Guide t
- Page 71 and 72: 71 Guide t
- Page 73 and 74: 73 Guide t
- Page 75 and 76: 75 Guide t
- Page 77 and 78: 77 6. Financial Statement Assertion
- Page 79 and 80: 79 Guide t
- Page 81 and 82: 81 Guide t
- Page 83 and 84: 83 Guide t
- Page 85 and 86: 85 Guide t
- Page 87 and 88: 87 Guide t
- Page 89 and 90: 89 Guide t
- Page 91 and 92: 91 Guide t
- Page 93 and 94: 93 Guide t
- Page 95 and 96: 95 Guide t
- Page 97 and 98: 97 Guide t
- Page 99 and 100: 99 Guide t
- Page 101 and 102: 101 Guide
- Page 103 and 104: 103 Guide
- Page 105 and 106: 105 Guide
56<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> <str<strong>on</strong>g>to</str<strong>on</strong>g> <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> <str<strong>on</strong>g>Internati<strong>on</strong>al</str<strong>on</strong>g> <str<strong>on</strong>g>Standards</str<strong>on</strong>g> <strong>on</strong> <strong>Audit<strong>in</strong>g</strong> <strong>in</strong> the Audits of Small- and Medium-Sized Entities Volume 1—Core C<strong>on</strong>cepts<br />
Key Elements<br />
<str<strong>on</strong>g>to</str<strong>on</strong>g> Address<br />
Management’s<br />
Philosophy and<br />
Operat<strong>in</strong>g Style<br />
Organizati<strong>on</strong>al<br />
Structure<br />
Assignment of<br />
Authority and<br />
Resp<strong>on</strong>sibility<br />
Human Resources<br />
Policies and<br />
Practices<br />
Descripti<strong>on</strong><br />
Management’s approach <str<strong>on</strong>g>to</str<strong>on</strong>g> tak<strong>in</strong>g and manag<strong>in</strong>g bus<strong>in</strong>ess risks, and management’s<br />
attitudes and acti<strong>on</strong>s <str<strong>on</strong>g>to</str<strong>on</strong>g>ward f<strong>in</strong>ancial report<strong>in</strong>g, <strong>in</strong>formati<strong>on</strong> process<strong>in</strong>g, account<strong>in</strong>g<br />
functi<strong>on</strong>s, and pers<strong>on</strong>nel.<br />
The framework with<strong>in</strong> which an entity’s activities for achiev<strong>in</strong>g its objectives are<br />
planned, executed, c<strong>on</strong>trolled, and reviewed.<br />
How authority and resp<strong>on</strong>sibility for operat<strong>in</strong>g activities are assigned, and how<br />
report<strong>in</strong>g relati<strong>on</strong>ships and authorizati<strong>on</strong> hierarchies are established.<br />
Recruitment, orientati<strong>on</strong>, tra<strong>in</strong><strong>in</strong>g, evaluat<strong>in</strong>g, counsell<strong>in</strong>g, promot<strong>in</strong>g, compensat<strong>in</strong>g,<br />
and remedial acti<strong>on</strong>s.<br />
The c<strong>on</strong>trols outl<strong>in</strong>ed above are pervasive <str<strong>on</strong>g>to</str<strong>on</strong>g> the entire entity and are often more subjective <str<strong>on</strong>g>to</str<strong>on</strong>g> evaluate than<br />
the traditi<strong>on</strong>al c<strong>on</strong>trol activities (such as segregati<strong>on</strong> of duties). Therefore, the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r will exercise professi<strong>on</strong>al<br />
judgment <strong>in</strong> this evaluati<strong>on</strong>.<br />
C<strong>on</strong>trol-envir<strong>on</strong>ment strengths can compensate or even replace weak transacti<strong>on</strong>al c<strong>on</strong>trols <strong>in</strong> some<br />
situati<strong>on</strong>s. However, c<strong>on</strong>trol-envir<strong>on</strong>ment weaknesses can underm<strong>in</strong>e and even negate good design <strong>in</strong> other<br />
comp<strong>on</strong>ents of <strong>in</strong>ternal c<strong>on</strong>trol. For example, if a culture of h<strong>on</strong>esty and ethical behavior did not exist, the<br />
audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r would have <str<strong>on</strong>g>to</str<strong>on</strong>g> c<strong>on</strong>sider carefully what types of (additi<strong>on</strong>al) audit procedures would be effective <strong>in</strong><br />
f<strong>in</strong>d<strong>in</strong>g material misstatements <strong>in</strong> the f<strong>in</strong>ancial statements. In some cases, the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r may c<strong>on</strong>clude that<br />
<strong>in</strong>ternal c<strong>on</strong>trol has broken down <str<strong>on</strong>g>to</str<strong>on</strong>g> such an extent that the <strong>on</strong>ly opti<strong>on</strong> is <str<strong>on</strong>g>to</str<strong>on</strong>g> withdraw from the engagement.<br />
The C<strong>on</strong>trol Envir<strong>on</strong>ment <strong>in</strong> Smaller Entities<br />
The c<strong>on</strong>trol envir<strong>on</strong>ment with<strong>in</strong> small entities will differ from larger entities, but is just as important. This<br />
is particularly true when the entity does not have the staff or resources <str<strong>on</strong>g>to</str<strong>on</strong>g> implement traditi<strong>on</strong>al c<strong>on</strong>trol<br />
activities such as segregati<strong>on</strong> of duties.<br />
In smaller entities, the active <strong>in</strong>volvement of a competent owner-manager (a c<strong>on</strong>trol-envir<strong>on</strong>ment strength)<br />
may well reduce the need for other c<strong>on</strong>trol activities such as segregati<strong>on</strong> of duties. C<strong>on</strong>sequently, c<strong>on</strong>trol<br />
envir<strong>on</strong>ment strengths can serve <str<strong>on</strong>g>to</str<strong>on</strong>g> <strong>in</strong>directly prevent or detect and correct certa<strong>in</strong> types of misstatement.<br />
For example, when the owner-manager reviews and approves <strong>in</strong>dividual transacti<strong>on</strong>s before they are<br />
completed, it may serve <str<strong>on</strong>g>to</str<strong>on</strong>g> prevent or detect and correct certa<strong>in</strong> specific errors or fraud. However, this c<strong>on</strong>trol<br />
envir<strong>on</strong>ment strength would not mitigate other risks such as management override of c<strong>on</strong>trols.<br />
In smaller entities, there will typically be less documentati<strong>on</strong> available <str<strong>on</strong>g>to</str<strong>on</strong>g> support c<strong>on</strong>trol envir<strong>on</strong>ment<br />
c<strong>on</strong>trols. C<strong>on</strong>sequently, the attitudes, awareness, and acti<strong>on</strong>s of management (such as owner-managers) will<br />
often form the basis for evaluat<strong>in</strong>g c<strong>on</strong>trol design and implementati<strong>on</strong>. For example, larger entities are likely<br />
<str<strong>on</strong>g>to</str<strong>on</strong>g> provide staff with a code of c<strong>on</strong>duct that outl<strong>in</strong>es acceptable behaviors and c<strong>on</strong>sequences for violat<strong>in</strong>g<br />
codes or rules. Smaller entities may communicate similar values and acceptable behaviors through oral<br />
communicati<strong>on</strong>s and by management example.<br />
Where there is no support<strong>in</strong>g documentati<strong>on</strong> for a particular c<strong>on</strong>trol, the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r would prepare a<br />
memorandum for the file. For example, <strong>in</strong> address<strong>in</strong>g whether there is communicati<strong>on</strong> and enforcement of<br />
<strong>in</strong>tegrity and ethical values, the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r could: