Guide to Using International Standards on Auditing in - IFAC

More documents

Recommendations

Info

64 <strong>Guide</strong> <strong>to</strong> <strong>Using</strong> <strong>International</strong> <strong>Standards</strong> on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts Communication Communication is a key component of successful information systems. Consequently, if information is <strong>to</strong> be used in decision-making and <strong>to</strong> facilitate the functioning of internal control, it needs <strong>to</strong> be communicated on a timely basis (both internally and externally) <strong>to</strong> the appropriate people. Effective internal communication helps the entity’s personnel clearly understand internal control objectives, the business processes in use, and their individual roles and responsibilities. It also helps them understand the extent <strong>to</strong> which their activities relate <strong>to</strong> the work of others, and the means of reporting exceptions <strong>to</strong> an appropriate higher level within the entity. The means of communication may be informal (verbal) or formal (i.e., documented in policy and financial reporting manuals). Internal communication between <strong>to</strong>p management and employees is often easier and less formal in smaller companies, due <strong>to</strong> fewer levels and smaller numbers of personnel and the greater availability and presence of senior management. Effective external communication ensures that matters affecting the achievement of financial reporting objectives are communicated with relevant outside parties such as key stakeholders, financial institutions, regula<strong>to</strong>rs, and government agencies. Lack of IT Systems Documentation Smaller entities may have less sophisticated and less thoroughly documented information and communication systems. If management does not have extensive descriptions of accounting procedures, sophisticated accounting records, or written policies, the understanding required by the audi<strong>to</strong>r will be obtained more by inquiry and observation than by review of documentation. 5.6 Control Activities Paragraph # Relevant Extracts from ISAs 315.20 The audi<strong>to</strong>r shall obtain an understanding of control activities relevant <strong>to</strong> the audit, being those the audi<strong>to</strong>r judges it necessary <strong>to</strong> understand in order <strong>to</strong> assess the risks of material misstatement at the assertion level and design further audit procedures responsive <strong>to</strong> assessed risks. An audit does not require an understanding of all the control activities related <strong>to</strong> each significant class of transactions, account balance, and disclosure in the financial statements or <strong>to</strong> every assertion relevant <strong>to</strong> them. (Ref: Para. A88-A94) 315.21 In understanding the entity’s control activities, the audi<strong>to</strong>r shall obtain an understanding of how the entity has responded <strong>to</strong> risks arising from IT. (Ref: Para. A95-A97) Control Activities
65 <strong>Guide</strong> <strong>to</strong> <strong>Using</strong> <strong>International</strong> <strong>Standards</strong> on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts Control activities are the policies and procedures that help ensure that management’s directives are carried out. Examples include controls <strong>to</strong> ensure that goods are not shipped <strong>to</strong> a bad credit risk, or that only authorized purchases are made. These controls address risks that, if not mitigated, would threaten the achievement of the entity’s objectives. Control activities (whether within information or manual systems) are designed <strong>to</strong> mitigate the risks involved in everyday activities such as transaction processing (business processes such as sales, purchases, and payroll) and safeguarding of assets. Business processes are structured sets of activities designed <strong>to</strong> produce a specified output. Business process controls can generally be classified as preventive, detective and corrective, or compensating or steering, as outlined in the exhibit below. Exhibit 5.6-1 Controls Classification Preventive Controls Detective Controls Compensating Controls Steering Controls (e.g., Policies) Description Avoid errors or irregularities. Identify errors or irregularities after they have occurred so corrective action can be taken. Provide some assurance where resource limitations may preclude other more direct controls. <strong>Guide</strong> actions <strong>to</strong>wards the desired objectives. The nature of business process controls will vary based on the risks involved and the specific application. Typical controls at the business process level would include the matters set out below. Exhibit 5.6-2 Controls Description Examples Segregation of Duties Authorization Controls Account Reconciliations These controls can reduce the opportunities for a person <strong>to</strong> be in a position <strong>to</strong> both perpetrate and conceal errors or fraud. These controls define who has the authority <strong>to</strong> approve various routine and non-routine transactions and events. This includes preparing and reviewing account reconciliations on a timely basis and taking any necessary corrective actions. The employee responsible for the accounts receivable processing has no access <strong>to</strong> cash receipts. Assigning responsibility <strong>to</strong> authorize: • Hiring of new employees; • Making investments; • Ordering goods and services; and • Extending credit <strong>to</strong> a cus<strong>to</strong>mer. Reconciliations of bank accounts, sales transactions, intercompany balances, suspense accounts, etc.
Page 1 and 2:
Guide to</
Page 3 and 4:
3 Guide to
Page 5 and 6:
5 Guide to
Page 7 and 8:
Disclaimer This Guide</stro
Page 9 and 10:
9 Guide to
Page 11 and 12:
11 Guide t
Page 13 and 14: 13 2. Clarified ISAs In March 2009,
Page 15 and 16: 15 Guide t
Page 19 and 20: Volume 1 Core Concepts
Page 51 and 52: 51 5. Internal Control — Purpose
Page 63: 63 Guide t
Page 77 and 78: 77 6. Financial Statement Assertion
Page 101 and 102: 101 Guide
Page 115 and 116:
115 10. Further Audit Procedures Ch
Page 117 and 118:
117 Guide
Page 119 and 120:
119 Guide
Page 121 and 122:
121 Guide
Page 123 and 124:
123 Guide
Page 125 and 126:
125 Guide
Page 127 and 128:
127 Guide
Page 129 and 130:
129 Guide
Page 131 and 132:
131 Guide
Page 133 and 134:
133 Guide
Page 135 and 136:
135 Guide
Page 137 and 138:
137 Guide
Page 139 and 140:
139 Guide
Page 141 and 142:
141 Guide
Page 143 and 144:
143 Guide
Page 145 and 146:
145 12. Related Parties Chapter Con
Page 147 and 148:
147 Guide
Page 149 and 150:
149 Guide
Page 151 and 152:
151 Guide
Page 153 and 154:
153 Guide
Page 155 and 156:
155 Guide
Page 157 and 158:
157 Guide
Page 159 and 160:
159 Guide
Page 161 and 162:
161 14. Going Concern Chapter Conte
Page 163 and 164:
163 Guide
Page 165 and 166:
165 Guide
Page 167 and 168:
167 Guide
Page 169 and 170:
169 Guide
Page 171 and 172:
171 15. Summary of Other ISA Requir
Page 173 and 174:
173 Guide
Page 175 and 176:
175 Guide
Page 177 and 178:
177 Guide
Page 179 and 180:
179 Guide
Page 181 and 182:
181 Guide
Page 183 and 184:
183 Guide
Page 185 and 186:
185 Guide
Page 187 and 188:
187 Guide
Page 189 and 190:
189 Guide
Page 191 and 192:
191 Guide
Page 193 and 194:
193 Guide
Page 195 and 196:
195 Guide
Page 197 and 198:
197 Guide
Page 199 and 200:
199 Guide
Page 201 and 202:
201 Guide
Page 203 and 204:
203 Guide
Page 205 and 206:
205 16. Audit Documentation Chapter
Page 207 and 208:
207 Guide
Page 209 and 210:
209 Guide
Page 211 and 212:
211 Guide
Page 213 and 214:
213 Guide
Page 215 and 216:
215 Guide
Page 217 and 218:
217 Guide
Page 219 and 220:
219 Guide
Page 221 and 222:
221 Guide
Page 223 and 224:
223 Guide
Page 225 and 226:
225 Guide
Page 227 and 228:
227 Guide
Page 229 and 230:
229 Guide
Page 231 and 232:
231 Guide
Page 233 and 234:
233 Guide
Page 235 and 236:
235 Guide
show all

Guide to Using International Standards on Auditing in - IFAC

Create successful ePaper yourself

Delete template?

Save as template?