Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
74<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> <str<strong>on</strong>g>to</str<strong>on</strong>g> <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> <str<strong>on</strong>g>Internati<strong>on</strong>al</str<strong>on</strong>g> <str<strong>on</strong>g>Standards</str<strong>on</strong>g> <strong>on</strong> <strong>Audit<strong>in</strong>g</strong> <strong>in</strong> the Audits of Small- and Medium-Sized Entities Volume 1—Core C<strong>on</strong>cepts<br />
Exhibit 5.11-1<br />
Significant F/S Accounts & Disclosures<br />
Pervasive<br />
C<strong>on</strong>trols<br />
C<strong>on</strong>trol<br />
Envir<strong>on</strong>ment<br />
M<strong>on</strong>i<str<strong>on</strong>g>to</str<strong>on</strong>g>r<strong>in</strong>g<br />
Risk<br />
Assessment<br />
Entity-Level C<strong>on</strong>trols<br />
General l IT c<strong>on</strong>trols<br />
t Includes c<strong>on</strong>trols over:<br />
Fraud (management<br />
override)<br />
Centralized process<strong>in</strong>g<br />
Period-end f<strong>in</strong>ancial<br />
report<strong>in</strong>g process<br />
Specific<br />
C<strong>on</strong>trols<br />
C<strong>on</strong>trol<br />
Activities<br />
Informati<strong>on</strong><br />
System<br />
Transacti<strong>on</strong>al<br />
C<strong>on</strong>trols<br />
IT applicati<strong>on</strong><br />
c<strong>on</strong>trols<br />
Transacti<strong>on</strong>s<br />
Notes:<br />
1. The above illustrati<strong>on</strong> is a general guide. In some <strong>in</strong>stances, pervasive c<strong>on</strong>trols can be designed <str<strong>on</strong>g>to</str<strong>on</strong>g><br />
operate at a level of precisi<strong>on</strong> that would prevent or detect specific misstatements at the bus<strong>in</strong>ess<br />
process level. For example, a detailed budget approved by those charged with governance may be used<br />
by management <str<strong>on</strong>g>to</str<strong>on</strong>g> detect unauthorized adm<strong>in</strong>istrati<strong>on</strong> expenditures. In other <strong>in</strong>stances, there may be<br />
c<strong>on</strong>trol activities and parts of the <strong>in</strong>formati<strong>on</strong> system that relate <str<strong>on</strong>g>to</str<strong>on</strong>g> entity level activities.<br />
2. Entity level c<strong>on</strong>trols (such as the commitment <str<strong>on</strong>g>to</str<strong>on</strong>g> competence) may be less tangible than those at the<br />
bus<strong>in</strong>ess process level (such as match<strong>in</strong>g goods received <str<strong>on</strong>g>to</str<strong>on</strong>g> a purchase order), but are just as critical <strong>in</strong><br />
prevent<strong>in</strong>g and detect<strong>in</strong>g fraud and error.<br />
3. The period-end f<strong>in</strong>ancial report<strong>in</strong>g process <strong>in</strong>cludes procedures <str<strong>on</strong>g>to</str<strong>on</strong>g>:<br />
• Enter transacti<strong>on</strong> <str<strong>on</strong>g>to</str<strong>on</strong>g>tals <strong>in</strong><str<strong>on</strong>g>to</str<strong>on</strong>g> the general ledger;<br />
• Select and apply account<strong>in</strong>g policies;<br />
• Initiate, authorize, record, and process journal entries <strong>in</strong> the general ledger;<br />
• Record recurr<strong>in</strong>g and n<strong>on</strong>-recurr<strong>in</strong>g adjustments <str<strong>on</strong>g>to</str<strong>on</strong>g> the f<strong>in</strong>ancial statements; and<br />
• Prepare the f<strong>in</strong>ancial statements and related disclosures.<br />
4. General <strong>in</strong>formati<strong>on</strong> technology (IT) c<strong>on</strong>trols are similar <str<strong>on</strong>g>to</str<strong>on</strong>g> entity level c<strong>on</strong>trols, except that they focus <strong>on</strong><br />
how IT operati<strong>on</strong>s (such as organizati<strong>on</strong>, staff<strong>in</strong>g, data <strong>in</strong>tegrity) are managed across the entity.<br />
5. IT applicati<strong>on</strong> c<strong>on</strong>trols are similar <str<strong>on</strong>g>to</str<strong>on</strong>g> transacti<strong>on</strong> c<strong>on</strong>trols. They relate <str<strong>on</strong>g>to</str<strong>on</strong>g> how specific transacti<strong>on</strong>s are<br />
processed at the bus<strong>in</strong>ess process level.