Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC Guide to Using International Standards on Auditing in - IFAC
58
59
- Page 7 and 8: Disclaimer This Guide</stro
- Page 9 and 10: 9 Guide to
- Page 11 and 12: 11 Guide t
- Page 13 and 14: 13 2. Clarified ISAs In March 2009,
- Page 15 and 16: 15 Guide t
- Page 17 and 18: 17 Guide t
- Page 19 and 20: Volume 1 Core Concepts
- Page 21 and 22: 21 Guide t
- Page 23 and 24: 23 Guide t
- Page 25 and 26: 25 Guide t
- Page 27 and 28: 27 Guide t
- Page 29 and 30: 29 Guide t
- Page 31 and 32: 31 Guide t
- Page 33 and 34: 33 Guide t
- Page 35 and 36: 35 Guide t
- Page 37 and 38: 37 Guide t
- Page 39 and 40: 39 Guide t
- Page 41 and 42: 41 Guide t
- Page 43 and 44: 43 Guide t
- Page 45 and 46: 45 Guide t
- Page 47 and 48: 47 Guide t
- Page 49 and 50: 49 Guide t
- Page 51 and 52: 51 5. Internal Control — Purpose
- Page 53 and 54: 53 Guide t
- Page 55 and 56: 55 Guide t
- Page 57: 57 Guide t
- Page 61 and 62: 61 Guide t
- Page 63 and 64: 63 Guide t
- Page 65 and 66: 65 Guide t
- Page 67 and 68: 67 Guide t
- Page 69 and 70: 69 Guide t
- Page 71 and 72: 71 Guide t
- Page 73 and 74: 73 Guide t
- Page 75 and 76: 75 Guide t
- Page 77 and 78: 77 6. Financial Statement Assertion
- Page 79 and 80: 79 Guide t
- Page 81 and 82: 81 Guide t
- Page 83 and 84: 83 Guide t
- Page 85 and 86: 85 Guide t
- Page 87 and 88: 87 Guide t
- Page 89 and 90: 89 Guide t
- Page 91 and 92: 91 Guide t
- Page 93 and 94: 93 Guide t
- Page 95 and 96: 95 Guide t
- Page 97 and 98: 97 Guide t
- Page 99 and 100: 99 Guide t
- Page 101 and 102: 101 Guide
- Page 103 and 104: 103 Guide
- Page 105 and 106: 105 Guide
- Page 107 and 108: 107 Guide
59<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> <str<strong>on</strong>g>to</str<strong>on</strong>g> <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> <str<strong>on</strong>g>Internati<strong>on</strong>al</str<strong>on</strong>g> <str<strong>on</strong>g>Standards</str<strong>on</strong>g> <strong>on</strong> <strong>Audit<strong>in</strong>g</strong> <strong>in</strong> the Audits of Small- and Medium-Sized Entities Volume 1—Core C<strong>on</strong>cepts<br />
C<strong>on</strong>trol Element The Key Questi<strong>on</strong> Possible C<strong>on</strong>trols<br />
Human Resources<br />
Policies and<br />
Practices<br />
What standards are<br />
<strong>in</strong> place <str<strong>on</strong>g>to</str<strong>on</strong>g> ensure:<br />
Recruitment of the<br />
most competent<br />
and trustworthy<br />
people?<br />
Tra<strong>in</strong><strong>in</strong>g is provided<br />
<str<strong>on</strong>g>to</str<strong>on</strong>g> ensure people<br />
can perform their<br />
jobs?<br />
Promoti<strong>on</strong>s<br />
are driven by<br />
performance<br />
appraisals?<br />
• Management establishes/enforces standards for hir<strong>in</strong>g<br />
the most qualified <strong>in</strong>dividuals.<br />
• Recruit<strong>in</strong>g practices <strong>in</strong>clude employment <strong>in</strong>terviews,<br />
background checks, and communicati<strong>on</strong> of values,<br />
expected behaviors, and management’s operat<strong>in</strong>g style.<br />
• Job performance is periodically evaluated, the results<br />
reviewed with each employee, and appropriate acti<strong>on</strong><br />
taken.<br />
• Tra<strong>in</strong><strong>in</strong>g policies address prospective roles and<br />
resp<strong>on</strong>sibilities, expected levels of performance, and<br />
evolv<strong>in</strong>g needs.<br />
5.4 Risk Assessment<br />
Paragraph #<br />
Relevant Extracts from ISAs<br />
315.15 The audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r shall obta<strong>in</strong> an understand<strong>in</strong>g of whether the entity has a process for:<br />
(a) Identify<strong>in</strong>g bus<strong>in</strong>ess risks relevant <str<strong>on</strong>g>to</str<strong>on</strong>g> f<strong>in</strong>ancial report<strong>in</strong>g objectives;<br />
(b) Estimat<strong>in</strong>g the significance of the risks;<br />
(c) Assess<strong>in</strong>g the likelihood of their occurrence; and<br />
(d) Decid<strong>in</strong>g about acti<strong>on</strong>s <str<strong>on</strong>g>to</str<strong>on</strong>g> address those risks. (Ref: Para. A79)<br />
315.16 If the entity has established such a process (referred <str<strong>on</strong>g>to</str<strong>on</strong>g> hereafter as the “entity’s risk<br />
assessment process”), the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r shall obta<strong>in</strong> an understand<strong>in</strong>g of it, and the results thereof.<br />
If the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r identifies risks of material misstatement that management failed <str<strong>on</strong>g>to</str<strong>on</strong>g> identify, the<br />
audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r shall evaluate whether there was an underly<strong>in</strong>g risk of a k<strong>in</strong>d that the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r expects<br />
would have been identified by the entity’s risk assessment process. If there is such a risk, the<br />
audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r shall obta<strong>in</strong> an understand<strong>in</strong>g of why that process failed <str<strong>on</strong>g>to</str<strong>on</strong>g> identify it, and evaluate<br />
whether the process is appropriate <str<strong>on</strong>g>to</str<strong>on</strong>g> its circumstances or determ<strong>in</strong>e if there is a significant<br />
deficiency <strong>in</strong> <strong>in</strong>ternal c<strong>on</strong>trol with regard <str<strong>on</strong>g>to</str<strong>on</strong>g> the entity’s risk assessment process.<br />
315.17 If the entity has not established such a process or has an ad hoc process, the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r shall<br />
discuss with management whether bus<strong>in</strong>ess risks relevant <str<strong>on</strong>g>to</str<strong>on</strong>g> f<strong>in</strong>ancial report<strong>in</strong>g objectives<br />
have been identified and how they have been addressed. The audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r shall evaluate whether<br />
the absence of a documented risk assessment process is appropriate <strong>in</strong> the circumstances, or<br />
determ<strong>in</strong>e whether it represents a significant deficiency <strong>in</strong> <strong>in</strong>ternal c<strong>on</strong>trol. (Ref: Para. A80)