Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
67<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> <str<strong>on</strong>g>to</str<strong>on</strong>g> <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> <str<strong>on</strong>g>Internati<strong>on</strong>al</str<strong>on</strong>g> <str<strong>on</strong>g>Standards</str<strong>on</strong>g> <strong>on</strong> <strong>Audit<strong>in</strong>g</strong> <strong>in</strong> the Audits of Small- and Medium-Sized Entities Volume 1—Core C<strong>on</strong>cepts<br />
C<strong>on</strong>trol Activities<br />
<strong>in</strong> Smaller Entities<br />
Risks May be<br />
Mitigated by<br />
the C<strong>on</strong>trol<br />
Envir<strong>on</strong>ment<br />
(See Volume 1,<br />
Chapter 5.3)<br />
Comments<br />
Certa<strong>in</strong> types of c<strong>on</strong>trol activities may not be relevant because of c<strong>on</strong>trols applied by<br />
senior management. For example, management's approval of significant transacti<strong>on</strong>s<br />
can provide str<strong>on</strong>g c<strong>on</strong>trol over important account balances and transacti<strong>on</strong>s,<br />
lessen<strong>in</strong>g or remov<strong>in</strong>g the need for more detailed c<strong>on</strong>trol activities. Some<br />
transacti<strong>on</strong>al misstatements (usually addressed by c<strong>on</strong>trol activities <strong>in</strong> larger entities)<br />
could be mitigated by:<br />
• A corporate culture that emphasizes the importance of c<strong>on</strong>trol;<br />
• Employ<strong>in</strong>g highly competent staff;<br />
• M<strong>on</strong>i<str<strong>on</strong>g>to</str<strong>on</strong>g>r<strong>in</strong>g revenues and expenditures aga<strong>in</strong>st an established budget;<br />
• Requir<strong>in</strong>g senior management’s approval of all major transacti<strong>on</strong>s;<br />
• M<strong>on</strong>i<str<strong>on</strong>g>to</str<strong>on</strong>g>r<strong>in</strong>g of key performance <strong>in</strong>dica<str<strong>on</strong>g>to</str<strong>on</strong>g>rs; and<br />
• Assign<strong>in</strong>g resp<strong>on</strong>sibilities am<strong>on</strong>g staff so as <str<strong>on</strong>g>to</str<strong>on</strong>g> maximize the segregati<strong>on</strong> of<br />
duties.<br />
C<strong>on</strong>trol activities, relevant <str<strong>on</strong>g>to</str<strong>on</strong>g> the audit, would potentially mitigate risks such as:<br />
• Significant risks<br />
Identified and assessed risks of material misstatement that, <strong>in</strong> the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r’s judgment, require special<br />
audit c<strong>on</strong>siderati<strong>on</strong>. (Refer <str<strong>on</strong>g>to</str<strong>on</strong>g> Volume 2, Chapter 10.)<br />
• Risks that cannot easily be addressed by substantive procedures<br />
These are identified and assessed risks of material misstatement for which substantive procedures al<strong>on</strong>e<br />
would not provide sufficient appropriate audit evidence.<br />
• Other risks of material misstatement<br />
The audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r’s judgment about whether a c<strong>on</strong>trol activity is relevant <str<strong>on</strong>g>to</str<strong>on</strong>g> the audit is <strong>in</strong>fluenced by:<br />
• Knowledge about the presence/absence of c<strong>on</strong>trol activities identified <strong>in</strong> other comp<strong>on</strong>ents of <strong>in</strong>ternal<br />
c<strong>on</strong>trol. If a particular risk has already been adequately addressed (such as by the c<strong>on</strong>trol envir<strong>on</strong>ment,<br />
<strong>in</strong>formati<strong>on</strong> system, etc.), there is no need <str<strong>on</strong>g>to</str<strong>on</strong>g> identify any additi<strong>on</strong>al c<strong>on</strong>trols that may exist.<br />
• The existence of multiple c<strong>on</strong>trol activities that achieve the same objective. It is unnecessary <str<strong>on</strong>g>to</str<strong>on</strong>g> obta<strong>in</strong><br />
an understand<strong>in</strong>g of each of the c<strong>on</strong>trol activities related <str<strong>on</strong>g>to</str<strong>on</strong>g> such an objective.<br />
• Increased audit efficiency that will be ga<strong>in</strong>ed from test<strong>in</strong>g the operat<strong>in</strong>g effectiveness of certa<strong>in</strong> key<br />
c<strong>on</strong>trols. This could occur when:<br />
– Obta<strong>in</strong><strong>in</strong>g audit evidence through a test of the operat<strong>in</strong>g effectiveness of c<strong>on</strong>trols may be more<br />
cost efficient than perform<strong>in</strong>g substantive procedures. Tests of c<strong>on</strong>trols typically result <strong>in</strong> smaller<br />
sample sizes than substantive tests. If the c<strong>on</strong>trols are au<str<strong>on</strong>g>to</str<strong>on</strong>g>mated, a sample size of just <strong>on</strong>e item<br />
(assum<strong>in</strong>g good general IT c<strong>on</strong>trols) may be all that is required. In additi<strong>on</strong>, if the c<strong>on</strong>trol system<br />
and pers<strong>on</strong>nel <strong>in</strong>volved have not changed from previous years, it may be possible (under certa<strong>in</strong><br />
c<strong>on</strong>diti<strong>on</strong>s) <str<strong>on</strong>g>to</str<strong>on</strong>g> limit the test of operat<strong>in</strong>g effectiveness of c<strong>on</strong>trols <str<strong>on</strong>g>to</str<strong>on</strong>g> <strong>on</strong>ce every three years. (See<br />
Volume 2, Chapter 17.)<br />
– Substantive procedures al<strong>on</strong>e would not provide sufficient appropriate audit evidence at the<br />
asserti<strong>on</strong> level. For example, the completeness asserti<strong>on</strong> for sales revenue can be difficult (and<br />
sometimes impossible) <str<strong>on</strong>g>to</str<strong>on</strong>g> address by substantive procedures al<strong>on</strong>e. In these situati<strong>on</strong>s, it would<br />
be worthwhile <str<strong>on</strong>g>to</str<strong>on</strong>g> identify any <strong>in</strong>ternal c<strong>on</strong>trols that address the risk and asserti<strong>on</strong> <strong>in</strong>volved. If the