Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
72<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> <str<strong>on</strong>g>to</str<strong>on</strong>g> <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> <str<strong>on</strong>g>Internati<strong>on</strong>al</str<strong>on</strong>g> <str<strong>on</strong>g>Standards</str<strong>on</strong>g> <strong>on</strong> <strong>Audit<strong>in</strong>g</strong> <strong>in</strong> the Audits of Small- and Medium-Sized Entities Volume 1—Core C<strong>on</strong>cepts<br />
5.10 Manual versus Au<str<strong>on</strong>g>to</str<strong>on</strong>g>mated C<strong>on</strong>trols<br />
For most entities, the system of <strong>in</strong>ternal c<strong>on</strong>trol will c<strong>on</strong>sist of a mixture of manual and au<str<strong>on</strong>g>to</str<strong>on</strong>g>mated c<strong>on</strong>trols.<br />
The risks and benefits associated with the different types of c<strong>on</strong>trol are outl<strong>in</strong>ed below.<br />
Exhibit 5.10-1<br />
Manual C<strong>on</strong>trols<br />
• Used <str<strong>on</strong>g>to</str<strong>on</strong>g> m<strong>on</strong>i<str<strong>on</strong>g>to</str<strong>on</strong>g>r the effectiveness of au<str<strong>on</strong>g>to</str<strong>on</strong>g>mated<br />
c<strong>on</strong>trols.<br />
• Suited <str<strong>on</strong>g>to</str<strong>on</strong>g> areas where judgment and discreti<strong>on</strong><br />
are required over large, unusual, or n<strong>on</strong>-recurr<strong>in</strong>g<br />
transacti<strong>on</strong>s.<br />
• Beneficial when errors are difficult <str<strong>on</strong>g>to</str<strong>on</strong>g> def<strong>in</strong>e,<br />
anticipate, or predict.<br />
• Chang<strong>in</strong>g circumstances may require a c<strong>on</strong>trol<br />
resp<strong>on</strong>se outside the scope of an exist<strong>in</strong>g<br />
au<str<strong>on</strong>g>to</str<strong>on</strong>g>mated c<strong>on</strong>trol.<br />
Benefits<br />
Au<str<strong>on</strong>g>to</str<strong>on</strong>g>mated C<strong>on</strong>trols<br />
• C<strong>on</strong>sistently apply predef<strong>in</strong>ed bus<strong>in</strong>ess rules and<br />
perform complex calculati<strong>on</strong>s <strong>in</strong> process<strong>in</strong>g large<br />
volumes of transacti<strong>on</strong>s or data.<br />
• Enhance the timel<strong>in</strong>ess, availability, and accuracy<br />
of <strong>in</strong>formati<strong>on</strong>.<br />
• Facilitate the additi<strong>on</strong>al analysis of <strong>in</strong>formati<strong>on</strong>.<br />
• Enhance the ability <str<strong>on</strong>g>to</str<strong>on</strong>g> m<strong>on</strong>i<str<strong>on</strong>g>to</str<strong>on</strong>g>r the performance<br />
of the entity’s activities and its policies and<br />
procedures.<br />
• Reduce the risk that <strong>in</strong>ternal c<strong>on</strong>trol will be<br />
circumvented.<br />
• Enhance the ability <str<strong>on</strong>g>to</str<strong>on</strong>g> achieve effective segregati<strong>on</strong><br />
of duties by implement<strong>in</strong>g appropriate system<br />
access restricti<strong>on</strong>s <strong>in</strong> applicati<strong>on</strong>s, databases, and<br />
operat<strong>in</strong>g systems.<br />
Risks<br />
Manual C<strong>on</strong>trols<br />
Au<str<strong>on</strong>g>to</str<strong>on</strong>g>mated C<strong>on</strong>trols<br />
• Less reliable than au<str<strong>on</strong>g>to</str<strong>on</strong>g>mated c<strong>on</strong>trols, as<br />
performed by people.<br />
• Reliance can be placed <strong>on</strong> systems or programs<br />
that are <strong>in</strong>accurately process<strong>in</strong>g data, process<strong>in</strong>g<br />
• More easily bypassed, ignored, or overridden.<br />
<strong>in</strong>accurate data, or both.<br />
• Pr<strong>on</strong>e <str<strong>on</strong>g>to</str<strong>on</strong>g> simple errors and mistakes.<br />
• Unauthorized access <str<strong>on</strong>g>to</str<strong>on</strong>g> data may result <strong>in</strong> destructi<strong>on</strong><br />
• C<strong>on</strong>sistency of applicati<strong>on</strong> cannot be assumed.<br />
of data or improper changes <str<strong>on</strong>g>to</str<strong>on</strong>g> data, <strong>in</strong>clud<strong>in</strong>g<br />
the record<strong>in</strong>g of unauthorized or n<strong>on</strong>-existent<br />
• Less suitable for high volume or recurr<strong>in</strong>g<br />
transacti<strong>on</strong>s, or <strong>in</strong>accurate record<strong>in</strong>g of transacti<strong>on</strong>s<br />
transacti<strong>on</strong>s where au<str<strong>on</strong>g>to</str<strong>on</strong>g>mated c<strong>on</strong>trols would be<br />
(particular risks may arise where multiple users access<br />
more efficient.<br />
a comm<strong>on</strong> database).<br />
• Less suitable for activities where specific ways <str<strong>on</strong>g>to</str<strong>on</strong>g><br />
• The possibility of IT pers<strong>on</strong>nel ga<strong>in</strong><strong>in</strong>g access<br />
perform the c<strong>on</strong>trol can be adequately designed<br />
privileges bey<strong>on</strong>d those necessary <str<strong>on</strong>g>to</str<strong>on</strong>g> perform<br />
and au<str<strong>on</strong>g>to</str<strong>on</strong>g>mated.<br />
their assigned duties, thereby break<strong>in</strong>g down the<br />
segregati<strong>on</strong> of duties.<br />
• Unauthorized changes <str<strong>on</strong>g>to</str<strong>on</strong>g> data <strong>in</strong> master files.<br />
• Unauthorized changes <str<strong>on</strong>g>to</str<strong>on</strong>g> systems or programs.<br />
• Failure <str<strong>on</strong>g>to</str<strong>on</strong>g> make necessary changes <str<strong>on</strong>g>to</str<strong>on</strong>g> systems or<br />
programs.<br />
• Inappropriate manual <strong>in</strong>terventi<strong>on</strong>.<br />
• Potential loss of data or <strong>in</strong>ability <str<strong>on</strong>g>to</str<strong>on</strong>g> access data as<br />
required.