Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
58<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> <str<strong>on</strong>g>to</str<strong>on</strong>g> <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> <str<strong>on</strong>g>Internati<strong>on</strong>al</str<strong>on</strong>g> <str<strong>on</strong>g>Standards</str<strong>on</strong>g> <strong>on</strong> <strong>Audit<strong>in</strong>g</strong> <strong>in</strong> the Audits of Small- and Medium-Sized Entities Volume 1—Core C<strong>on</strong>cepts<br />
C<strong>on</strong>trol Element The Key Questi<strong>on</strong> Possible C<strong>on</strong>trols<br />
Participati<strong>on</strong> by<br />
Those Charged<br />
With Governance<br />
(TCWG)<br />
(Other than Where<br />
Management is<br />
TCWG)<br />
Management’s<br />
Philosophy and<br />
Operat<strong>in</strong>g Style<br />
Organizati<strong>on</strong>al<br />
Structure<br />
Assignment of<br />
Authority and<br />
Resp<strong>on</strong>sibility<br />
How effective is the<br />
governance (if any)<br />
be<strong>in</strong>g provided<br />
over entity<br />
operati<strong>on</strong>s?<br />
What are<br />
management's<br />
attitudes and<br />
acti<strong>on</strong>s <str<strong>on</strong>g>to</str<strong>on</strong>g>ward<br />
f<strong>in</strong>ancial report<strong>in</strong>g?<br />
Has a relevant<br />
organizati<strong>on</strong>al<br />
structure been<br />
established?<br />
Have key areas<br />
of authority and<br />
resp<strong>on</strong>sibility been<br />
appropriately<br />
assigned?<br />
• A majority of TCWG are <strong>in</strong>dependent of management.<br />
• TCWG have the appropriate experience, stature, and<br />
f<strong>in</strong>ancial expertise.<br />
• Significant issues and f<strong>in</strong>ancial results are communicated<br />
<str<strong>on</strong>g>to</str<strong>on</strong>g> TCWG <strong>in</strong> a timely manner.<br />
• TCWG provide effective oversight over management’s<br />
activities. This <strong>in</strong>cludes rais<strong>in</strong>g difficult questi<strong>on</strong>s and<br />
pursu<strong>in</strong>g answers.<br />
• TCWG meet <strong>on</strong> a regular basis, and m<strong>in</strong>utes of meet<strong>in</strong>gs<br />
are circulated <strong>in</strong> a timely basis.<br />
• Management dem<strong>on</strong>strates positive attitudes and acti<strong>on</strong>s<br />
<str<strong>on</strong>g>to</str<strong>on</strong>g>ward:<br />
– Sound <strong>in</strong>ternal c<strong>on</strong>trol over f<strong>in</strong>ancial report<strong>in</strong>g<br />
(<strong>in</strong>clud<strong>in</strong>g management override and other fraud),<br />
– Appropriate selecti<strong>on</strong>/applicati<strong>on</strong> of account<strong>in</strong>g<br />
policies,<br />
– Informati<strong>on</strong>-process<strong>in</strong>g c<strong>on</strong>trols, and<br />
– The treatment of account<strong>in</strong>g pers<strong>on</strong>nel.<br />
• Management has established procedures <str<strong>on</strong>g>to</str<strong>on</strong>g> prevent<br />
unauthorized access <str<strong>on</strong>g>to</str<strong>on</strong>g> or destructi<strong>on</strong> of assets,<br />
documents, and records.<br />
• Management analyzes bus<strong>in</strong>ess risks and takes<br />
appropriate acti<strong>on</strong>.<br />
• The organizati<strong>on</strong>al structure is appropriate <str<strong>on</strong>g>to</str<strong>on</strong>g> facilitate<br />
achievement of entity objectives, operat<strong>in</strong>g functi<strong>on</strong>s,<br />
and regula<str<strong>on</strong>g>to</str<strong>on</strong>g>ry requirements.<br />
• Management clearly understands its resp<strong>on</strong>sibility<br />
and authority for bus<strong>in</strong>ess activities, and possesses the<br />
requisite experience and levels of knowledge <str<strong>on</strong>g>to</str<strong>on</strong>g> properly<br />
execute its positi<strong>on</strong>s.<br />
• The entity structure facilitates the flow of reliable and<br />
timely <strong>in</strong>formati<strong>on</strong> <str<strong>on</strong>g>to</str<strong>on</strong>g> the appropriate people for plann<strong>in</strong>g<br />
and c<strong>on</strong>troll<strong>in</strong>g activities.<br />
• Incompatible duties are segregated <str<strong>on</strong>g>to</str<strong>on</strong>g> the extent<br />
possible.<br />
• There are policies and procedures for authorizati<strong>on</strong> and<br />
approval of transacti<strong>on</strong>s.<br />
• Appropriate l<strong>in</strong>es of report<strong>in</strong>g and accountability exist<br />
(appropriate <str<strong>on</strong>g>to</str<strong>on</strong>g> the entity’s size and the nature of its<br />
activities).<br />
• Job descripti<strong>on</strong>s <strong>in</strong>clude c<strong>on</strong>trol-related resp<strong>on</strong>sibilities.