Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
65<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> <str<strong>on</strong>g>to</str<strong>on</strong>g> <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> <str<strong>on</strong>g>Internati<strong>on</strong>al</str<strong>on</strong>g> <str<strong>on</strong>g>Standards</str<strong>on</strong>g> <strong>on</strong> <strong>Audit<strong>in</strong>g</strong> <strong>in</strong> the Audits of Small- and Medium-Sized Entities Volume 1—Core C<strong>on</strong>cepts<br />
C<strong>on</strong>trol activities are the policies and procedures that help ensure that management’s directives are<br />
carried out. Examples <strong>in</strong>clude c<strong>on</strong>trols <str<strong>on</strong>g>to</str<strong>on</strong>g> ensure that goods are not shipped <str<strong>on</strong>g>to</str<strong>on</strong>g> a bad credit risk, or that<br />
<strong>on</strong>ly authorized purchases are made. These c<strong>on</strong>trols address risks that, if not mitigated, would threaten the<br />
achievement of the entity’s objectives.<br />
C<strong>on</strong>trol activities (whether with<strong>in</strong> <strong>in</strong>formati<strong>on</strong> or manual systems) are designed <str<strong>on</strong>g>to</str<strong>on</strong>g> mitigate the risks <strong>in</strong>volved<br />
<strong>in</strong> everyday activities such as transacti<strong>on</strong> process<strong>in</strong>g (bus<strong>in</strong>ess processes such as sales, purchases, and payroll)<br />
and safeguard<strong>in</strong>g of assets.<br />
Bus<strong>in</strong>ess processes are structured sets of activities designed <str<strong>on</strong>g>to</str<strong>on</strong>g> produce a specified output. Bus<strong>in</strong>ess process<br />
c<strong>on</strong>trols can generally be classified as preventive, detective and corrective, or compensat<strong>in</strong>g or steer<strong>in</strong>g, as<br />
outl<strong>in</strong>ed <strong>in</strong> the exhibit below.<br />
Exhibit 5.6-1<br />
C<strong>on</strong>trols<br />
Classificati<strong>on</strong><br />
Preventive<br />
C<strong>on</strong>trols<br />
Detective C<strong>on</strong>trols<br />
Compensat<strong>in</strong>g<br />
C<strong>on</strong>trols<br />
Steer<strong>in</strong>g C<strong>on</strong>trols<br />
(e.g., Policies)<br />
Descripti<strong>on</strong><br />
Avoid errors or irregularities.<br />
Identify errors or irregularities after they have occurred so corrective acti<strong>on</strong> can be<br />
taken.<br />
Provide some assurance where resource limitati<strong>on</strong>s may preclude other more direct<br />
c<strong>on</strong>trols.<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> acti<strong>on</strong>s <str<strong>on</strong>g>to</str<strong>on</strong>g>wards the desired objectives.<br />
The nature of bus<strong>in</strong>ess process c<strong>on</strong>trols will vary based <strong>on</strong> the risks <strong>in</strong>volved and the specific applicati<strong>on</strong>.<br />
Typical c<strong>on</strong>trols at the bus<strong>in</strong>ess process level would <strong>in</strong>clude the matters set out below.<br />
Exhibit 5.6-2<br />
C<strong>on</strong>trols Descripti<strong>on</strong> Examples<br />
Segregati<strong>on</strong><br />
of Duties<br />
Authorizati<strong>on</strong><br />
C<strong>on</strong>trols<br />
Account<br />
Rec<strong>on</strong>ciliati<strong>on</strong>s<br />
These c<strong>on</strong>trols can reduce the<br />
opportunities for a pers<strong>on</strong> <str<strong>on</strong>g>to</str<strong>on</strong>g> be <strong>in</strong> a<br />
positi<strong>on</strong> <str<strong>on</strong>g>to</str<strong>on</strong>g> both perpetrate and c<strong>on</strong>ceal<br />
errors or fraud.<br />
These c<strong>on</strong>trols def<strong>in</strong>e who has the<br />
authority <str<strong>on</strong>g>to</str<strong>on</strong>g> approve various rout<strong>in</strong>e and<br />
n<strong>on</strong>-rout<strong>in</strong>e transacti<strong>on</strong>s and events.<br />
This <strong>in</strong>cludes prepar<strong>in</strong>g and review<strong>in</strong>g<br />
account rec<strong>on</strong>ciliati<strong>on</strong>s <strong>on</strong> a timely basis<br />
and tak<strong>in</strong>g any necessary corrective<br />
acti<strong>on</strong>s.<br />
The employee resp<strong>on</strong>sible for the accounts<br />
receivable process<strong>in</strong>g has no access <str<strong>on</strong>g>to</str<strong>on</strong>g> cash<br />
receipts.<br />
Assign<strong>in</strong>g resp<strong>on</strong>sibility <str<strong>on</strong>g>to</str<strong>on</strong>g> authorize:<br />
• Hir<strong>in</strong>g of new employees;<br />
• Mak<strong>in</strong>g <strong>in</strong>vestments;<br />
• Order<strong>in</strong>g goods and services; and<br />
• Extend<strong>in</strong>g credit <str<strong>on</strong>g>to</str<strong>on</strong>g> a cus<str<strong>on</strong>g>to</str<strong>on</strong>g>mer.<br />
Rec<strong>on</strong>ciliati<strong>on</strong>s of bank accounts, sales<br />
transacti<strong>on</strong>s, <strong>in</strong>tercompany balances,<br />
suspense accounts, etc.