Guide to Using International Standards on Auditing in - IFAC

More documents

Recommendations

Info

66 <strong>Guide</strong> <strong>to</strong> <strong>Using</strong> <strong>International</strong> <strong>Standards</strong> on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts Controls Description Examples IT Application Controls Actual Results Reviews Physical Controls These controls are programmed in<strong>to</strong> IT applications such as sales or purchases. They include fully au<strong>to</strong>mated and partially au<strong>to</strong>mated controls. These controls involve the regular review and analyses of actual results versus budgets, forecasts, and prior-period performance. It also involves relating different sets of data (operating or financial) <strong>to</strong> one another and comparing internal data with external sources of information. Unexpected variations would be investigated and corrective actions taken. These controls relate <strong>to</strong> the physical security of assets and permitted access <strong>to</strong> entity premises, accounting records, computer programs, and data files. Checking the arithmetical accuracy of records, pricing of invoices, edit checks of input data, numerical sequence checks, and production of exception reports for manager review. Analysis of operating results, comparing actual results <strong>to</strong> budget, and investigating variances. Such controls consist of asset security (door locks and restricted access <strong>to</strong> inven<strong>to</strong>ry/ records) and comparing the results of periodic cash, security, and inven<strong>to</strong>ry counts with accounting records. Smaller Entities Control activities are designed <strong>to</strong> directly prevent a material misstatement from occurring or detecting and then correcting a misstatement after it has occurred. In smaller entities, the concepts underlying control activities are likely <strong>to</strong> be similar <strong>to</strong> larger entities, but their relevance <strong>to</strong> the audi<strong>to</strong>r may vary considerably. Consider the following. Exhibit 5.6-3 Control Activities in Smaller Entities Informal and Limited documentation Limited Scope Comments Many controls may operate informally and may not be well documented. For example, granting credit <strong>to</strong> a cus<strong>to</strong>mer may be more reliant on the judgment and knowledge of the manager than on a pre-established credit limit. Control activities (<strong>to</strong> the extent they exist) are likely <strong>to</strong> relate <strong>to</strong> the main transaction cycles such as revenues, purchases, and employment expenses.
67 <strong>Guide</strong> <strong>to</strong> <strong>Using</strong> <strong>International</strong> <strong>Standards</strong> on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts Control Activities in Smaller Entities Risks May be Mitigated by the Control Environment (See Volume 1, Chapter 5.3) Comments Certain types of control activities may not be relevant because of controls applied by senior management. For example, management's approval of significant transactions can provide strong control over important account balances and transactions, lessening or removing the need for more detailed control activities. Some transactional misstatements (usually addressed by control activities in larger entities) could be mitigated by: • A corporate culture that emphasizes the importance of control; • Employing highly competent staff; • Moni<strong>to</strong>ring revenues and expenditures against an established budget; • Requiring senior management’s approval of all major transactions; • Moni<strong>to</strong>ring of key performance indica<strong>to</strong>rs; and • Assigning responsibilities among staff so as <strong>to</strong> maximize the segregation of duties. Control activities, relevant <strong>to</strong> the audit, would potentially mitigate risks such as: • Significant risks Identified and assessed risks of material misstatement that, in the audi<strong>to</strong>r’s judgment, require special audit consideration. (Refer <strong>to</strong> Volume 2, Chapter 10.) • Risks that cannot easily be addressed by substantive procedures These are identified and assessed risks of material misstatement for which substantive procedures alone would not provide sufficient appropriate audit evidence. • Other risks of material misstatement The audi<strong>to</strong>r’s judgment about whether a control activity is relevant <strong>to</strong> the audit is influenced by: • Knowledge about the presence/absence of control activities identified in other components of internal control. If a particular risk has already been adequately addressed (such as by the control environment, information system, etc.), there is no need <strong>to</strong> identify any additional controls that may exist. • The existence of multiple control activities that achieve the same objective. It is unnecessary <strong>to</strong> obtain an understanding of each of the control activities related <strong>to</strong> such an objective. • Increased audit efficiency that will be gained from testing the operating effectiveness of certain key controls. This could occur when: – Obtaining audit evidence through a test of the operating effectiveness of controls may be more cost efficient than performing substantive procedures. Tests of controls typically result in smaller sample sizes than substantive tests. If the controls are au<strong>to</strong>mated, a sample size of just one item (assuming good general IT controls) may be all that is required. In addition, if the control system and personnel involved have not changed from previous years, it may be possible (under certain conditions) <strong>to</strong> limit the test of operating effectiveness of controls <strong>to</strong> once every three years. (See Volume 2, Chapter 17.) – Substantive procedures alone would not provide sufficient appropriate audit evidence at the assertion level. For example, the completeness assertion for sales revenue can be difficult (and sometimes impossible) <strong>to</strong> address by substantive procedures alone. In these situations, it would be worthwhile <strong>to</strong> identify any internal controls that address the risk and assertion involved. If the
Page 1 and 2:
Guide to</
Page 3 and 4:
3 Guide to
Page 5 and 6:
5 Guide to
Page 7 and 8:
Disclaimer This Guide</stro
Page 9 and 10:
9 Guide to
Page 11 and 12:
11 Guide t
Page 13 and 14:
13 2. Clarified ISAs In March 2009,
Page 15 and 16: 15 Guide t
Page 19 and 20: Volume 1 Core Concepts
Page 51 and 52: 51 5. Internal Control — Purpose
Page 65: 65 Guide t
Page 77 and 78: 77 6. Financial Statement Assertion
Page 101 and 102: 101 Guide
Page 115 and 116: 115 10. Further Audit Procedures Ch
Page 117 and 118:
117 Guide
Page 119 and 120:
119 Guide
Page 121 and 122:
121 Guide
Page 123 and 124:
123 Guide
Page 125 and 126:
125 Guide
Page 127 and 128:
127 Guide
Page 129 and 130:
129 Guide
Page 131 and 132:
131 Guide
Page 133 and 134:
133 Guide
Page 135 and 136:
135 Guide
Page 137 and 138:
137 Guide
Page 139 and 140:
139 Guide
Page 141 and 142:
141 Guide
Page 143 and 144:
143 Guide
Page 145 and 146:
145 12. Related Parties Chapter Con
Page 147 and 148:
147 Guide
Page 149 and 150:
149 Guide
Page 151 and 152:
151 Guide
Page 153 and 154:
153 Guide
Page 155 and 156:
155 Guide
Page 157 and 158:
157 Guide
Page 159 and 160:
159 Guide
Page 161 and 162:
161 14. Going Concern Chapter Conte
Page 163 and 164:
163 Guide
Page 165 and 166:
165 Guide
Page 167 and 168:
167 Guide
Page 169 and 170:
169 Guide
Page 171 and 172:
171 15. Summary of Other ISA Requir
Page 173 and 174:
173 Guide
Page 175 and 176:
175 Guide
Page 177 and 178:
177 Guide
Page 179 and 180:
179 Guide
Page 181 and 182:
181 Guide
Page 183 and 184:
183 Guide
Page 185 and 186:
185 Guide
Page 187 and 188:
187 Guide
Page 189 and 190:
189 Guide
Page 191 and 192:
191 Guide
Page 193 and 194:
193 Guide
Page 195 and 196:
195 Guide
Page 197 and 198:
197 Guide
Page 199 and 200:
199 Guide
Page 201 and 202:
201 Guide
Page 203 and 204:
203 Guide
Page 205 and 206:
205 16. Audit Documentation Chapter
Page 207 and 208:
207 Guide
Page 209 and 210:
209 Guide
Page 211 and 212:
211 Guide
Page 213 and 214:
213 Guide
Page 215 and 216:
215 Guide
Page 217 and 218:
217 Guide
Page 219 and 220:
219 Guide
Page 221 and 222:
221 Guide
Page 223 and 224:
223 Guide
Page 225 and 226:
225 Guide
Page 227 and 228:
227 Guide
Page 229 and 230:
229 Guide
Page 231 and 232:
231 Guide
Page 233 and 234:
233 Guide
Page 235 and 236:
235 Guide
show all

Guide to Using International Standards on Auditing in - IFAC

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?