Guide to Using International Standards on Auditing in - IFAC

More documents

Recommendations

Info

74 <strong>Guide</strong> <strong>to</strong> <strong>Using</strong> <strong>International</strong> <strong>Standards</strong> on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts Exhibit 5.11-1 Significant F/S Accounts & Disclosures Pervasive Controls Control Environment Moni<strong>to</strong>ring Risk Assessment Entity-Level Controls General l IT controls t Includes controls over: Fraud (management override) Centralized processing Period-end financial reporting process Specific Controls Control Activities Information System Transactional Controls IT application controls Transactions Notes: 1. The above illustration is a general guide. In some instances, pervasive controls can be designed <strong>to</strong> operate at a level of precision that would prevent or detect specific misstatements at the business process level. For example, a detailed budget approved by those charged with governance may be used by management <strong>to</strong> detect unauthorized administration expenditures. In other instances, there may be control activities and parts of the information system that relate <strong>to</strong> entity level activities. 2. Entity level controls (such as the commitment <strong>to</strong> competence) may be less tangible than those at the business process level (such as matching goods received <strong>to</strong> a purchase order), but are just as critical in preventing and detecting fraud and error. 3. The period-end financial reporting process includes procedures <strong>to</strong>: • Enter transaction <strong>to</strong>tals in<strong>to</strong> the general ledger; • Select and apply accounting policies; • Initiate, authorize, record, and process journal entries in the general ledger; • Record recurring and non-recurring adjustments <strong>to</strong> the financial statements; and • Prepare the financial statements and related disclosures. 4. General information technology (IT) controls are similar <strong>to</strong> entity level controls, except that they focus on how IT operations (such as organization, staffing, data integrity) are managed across the entity. 5. IT application controls are similar <strong>to</strong> transaction controls. They relate <strong>to</strong> how specific transactions are processed at the business process level.
75 <strong>Guide</strong> <strong>to</strong> <strong>Using</strong> <strong>International</strong> <strong>Standards</strong> on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts Pervasive controls form the basis from which specific transactional controls are built. They set the “<strong>to</strong>ne at the <strong>to</strong>p” and establish expectations for the organization’s control environment in general. Poorly designed pervasive controls may actually encourage all types of error and fraud <strong>to</strong> take place. For example, an entity may have a highly controlled and effective sales process. However, if senior management has a poor attitude <strong>to</strong>ward control and has sometimes overridden these controls, a material error could still occur in the financial statements. Management override and poor “<strong>to</strong>ne at the <strong>to</strong>p” are common themes in corporate wrongdoing. Pervasive controls also include the moni<strong>to</strong>ring controls that assess whether the actual <strong>to</strong>ne at the <strong>to</strong>p is what was intended, and how well control expectations are being fulfilled. The pervasive controls (sometimes called entity level controls) could include: • Controls related <strong>to</strong> the control environment; • Controls over management override; • The entity’s risk assessment process; • Controls <strong>to</strong> moni<strong>to</strong>r results of operations and other controls; • Controls over the period-end financial reporting process; and • Policies that address significant business control and risk management practices. Smaller Entities In smaller entities, the lack of specific business process controls (due <strong>to</strong> limited staff and resources) is often offset by a high degree of involvement by management (such as the owner-manager) in performing controls. In fact, some pervasive controls in smaller entities can often operate at a level of precision that actually serves <strong>to</strong> prevent or detect specific misstatements. However, the increased involvement of senior management also increases the risk of management override. This could be addressed through further audit procedures or the design of suitable anti-fraud controls. (See Volume 1, Chapter 5.12 below.) Pervasive Control Deficiencies Although weaknesses in pervasive controls do not generally result in an immediate deficiency or errors in the financial statements, they still have a significant influence on the likelihood of misstatements resulting at the business process control level. The absence of good pervasive controls may seriously undermine other business process controls; consequently, significant deficiencies in these controls would be reported <strong>to</strong> management and those charged with governance. 5.12 Anti-Fraud Controls In the last few years, a new type of internal control has begun <strong>to</strong> emerge, sometimes called anti-fraud controls. Since the vast majority of sizable frauds tend <strong>to</strong> involve senior management, the establishment of strong anti-fraud programs and controls is considered a healthy part of the control environment in larger entities. Anti-fraud controls can be likened <strong>to</strong> speed bumps on a road that are designed <strong>to</strong> slow down traffic but not s<strong>to</strong>p it al<strong>to</strong>gether. Anti-fraud controls are designed <strong>to</strong> deter bad behavior before it happens, but can never s<strong>to</strong>p it entirely. Anti-fraud controls are particularly relevant for larger entities, but can also be designed <strong>to</strong> discourage fraud in smaller entities. They may not prevent frauds from occurring, but they do provide a powerful disincentive. They cause the perpetra<strong>to</strong>rs <strong>to</strong> think carefully about the repercussions of their actions.
Page 1 and 2:
Guide to</
Page 3 and 4:
3 Guide to
Page 5 and 6:
5 Guide to
Page 7 and 8:
Disclaimer This Guide</stro
Page 9 and 10:
9 Guide to
Page 11 and 12:
11 Guide t
Page 13 and 14:
13 2. Clarified ISAs In March 2009,
Page 15 and 16:
15 Guide t
Page 17 and 18:
17 Guide t
Page 19 and 20:
Volume 1 Core Concepts
Page 21 and 22:
21 Guide t
Page 23 and 24: 23 Guide t
Page 51 and 52: 51 5. Internal Control — Purpose
Page 73: 73 Guide t
Page 77 and 78: 77 6. Financial Statement Assertion
Page 101 and 102: 101 Guide
Page 115 and 116: 115 10. Further Audit Procedures Ch
Page 125 and 126:
125 Guide
Page 127 and 128:
127 Guide
Page 129 and 130:
129 Guide
Page 131 and 132:
131 Guide
Page 133 and 134:
133 Guide
Page 135 and 136:
135 Guide
Page 137 and 138:
137 Guide
Page 139 and 140:
139 Guide
Page 141 and 142:
141 Guide
Page 143 and 144:
143 Guide
Page 145 and 146:
145 12. Related Parties Chapter Con
Page 147 and 148:
147 Guide
Page 149 and 150:
149 Guide
Page 151 and 152:
151 Guide
Page 153 and 154:
153 Guide
Page 155 and 156:
155 Guide
Page 157 and 158:
157 Guide
Page 159 and 160:
159 Guide
Page 161 and 162:
161 14. Going Concern Chapter Conte
Page 163 and 164:
163 Guide
Page 165 and 166:
165 Guide
Page 167 and 168:
167 Guide
Page 169 and 170:
169 Guide
Page 171 and 172:
171 15. Summary of Other ISA Requir
Page 173 and 174:
173 Guide
Page 175 and 176:
175 Guide
Page 177 and 178:
177 Guide
Page 179 and 180:
179 Guide
Page 181 and 182:
181 Guide
Page 183 and 184:
183 Guide
Page 185 and 186:
185 Guide
Page 187 and 188:
187 Guide
Page 189 and 190:
189 Guide
Page 191 and 192:
191 Guide
Page 193 and 194:
193 Guide
Page 195 and 196:
195 Guide
Page 197 and 198:
197 Guide
Page 199 and 200:
199 Guide
Page 201 and 202:
201 Guide
Page 203 and 204:
203 Guide
Page 205 and 206:
205 16. Audit Documentation Chapter
Page 207 and 208:
207 Guide
Page 209 and 210:
209 Guide
Page 211 and 212:
211 Guide
Page 213 and 214:
213 Guide
Page 215 and 216:
215 Guide
Page 217 and 218:
217 Guide
Page 219 and 220:
219 Guide
Page 221 and 222:
221 Guide
Page 223 and 224:
223 Guide
Page 225 and 226:
225 Guide
Page 227 and 228:
227 Guide
Page 229 and 230:
229 Guide
Page 231 and 232:
231 Guide
Page 233 and 234:
233 Guide
Page 235 and 236:
235 Guide
show all

Guide to Using International Standards on Auditing in - IFAC

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?