ACCA考试《审计》知识辅导资料,一起来看看!
ISA 315 (REVISED), IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
One of the major revisions of ISA 315 relates to the inquiries made by external auditors of the internal audit function since internal auditors have better knowledge and understanding of the organisation and its internal control. This article addresses and highlights the components of internal control
theinternationalauditingandassurancestandardsboard ( iaasb ) issuesinternationalstandardonauditing ( isa ) )。 forinternationaluse.fromtimetotime,isasarerevisedtoprovideupdatedstandardstoauditors.inordertoenhancetheoveralllqualityofors iasbpublishedaconsultationdraftonaproposedrevisiontoisa 315.theobjectiveinrevisingisa 315 istoenhancetheperformanceofexternalal dgeandfindingsofanentity’sinternalauditfunctionintheriskassessmentprocess,andtostrengtheframeworkforevaluatingtheuseuseofeoforess
In March 2012, ISA 315 (Revised) was approved and released. One of the major revisions of ISA 315 relates to the inquiries made by external auditors of the internal audit function since internal auditors have better knowledge and understanding of the organisation and its internal control. This article addresses and highlights the components of internal control.
OBJECTIVES IN ESTABLISHING INTERNAL CONTROLS
Generally speaking,internalcontrolsystemsaredesigned, implementedandmaintainedbythemanagementandpersonnelinordertoprovidereasonableassurancetofultheobjectivesthatis,reliabis efficiencyandeffectivenessofoperations、 compliancewithlawsandregulationsandriskassessmentofmaterialmisstatement.themannerinwhichtheinternalcontrolsystemisdesigned, implementedandmaintainedmayvarywiththeentity’sbusinessnature,size and complexity, etc.auditorsfocusonbotheauditoffinancialstatementsandinternalcontrolsthatreeobjectivesthatmaymaterialyaffectterion
In order to identify the types of potential misstatements and to determine the nature, timing and extent of audit testing, auditors should obtain an understanding of relevant internal controls, evaluate the design of the controls, and ascertain whether the controls are implemented and maintained properly.
themajorcomponentsofinternalcontrolincludecontrolenvironment,entity’sriskassessmentprocess,information system (信息系统) controlactivitiesrelevanttotheaudit,relevant to financial reporting
CONTROL ENVIRONMENT
The control environment consists of the governance and management functions and the attitudes, awareness and actions of the management about the internal control. Auditors may obtain an understanding of the control environments through the following elements.
1.communicationandenforcementofintegrityandethicalvaluesitisimportantforthemanagementtocreateandmaintainhonest,legal and ethon andtocommunicatetheentity’sethicalandbehavioralstandardstoitsemployeesthroughpolicystatementsandcodddardstoitsthroughpolicystystem
2. Commitment to competence It is important that the management recruits competent staff who possess the required knowledge and skills at competent level to accomplish tasks.
3.participationbythosechargedwithgovernanceanentity’scontrolconsciousnessisinfluencedsignificantlybythosechargedwithgovernchoverngethovernchithithithged theirindependencefrommanagement,experience and stature,extent of their involvement,aswellastheappropriatenessoftheir
4 .管理sphilosophyandoperatingstylemanagement’sphilosophyandoperatingstyleconsistsofabroadrangeofcharacteristics, suchas management’sattitudetoresponsetobusinessrisks,financial reporting,information processing,andaccountingfunctionsand doesthemanagementapplyaggressiveapproachwherealternativeaccountingprinciplesorestimatesareavailable? 标题管理’sphilosophyandoperatingstyleprovideapicturetoauditorsaboutthemanagement’sattitudeaboutheinternalcontrol。
5.organisationalstructuretheorganisationalstructureprovidestheframeworkonhowtheentity’sactivitiesareplanned,implemented
6. Assignment of authority and responsibility With the established organisational structure or framework, key areas of authority and
reporting lines should then be defined. The assignment of authority and responsibility include the personnel that make appropriate policies and assign resources to staff to carry out the duties. Auditors may perceive the implementation of internal controls through the understanding of the organisational structure and the reporting relationships.
7. Human resources policies and practices Human resources policies and practices generally refer to recruitment, orientation, training, evaluation, counselling, promotion, compensation and remedial actions. For example, an entity should establish policies to recruit individuals based on their educational background, previous work experience, and other relevant attributes. Next, classroom and on-the-job training should be provided to the newly recruited staff. Appropriate training is also available to existing staff to keep themselves updated. Performance evaluation should be conducted periodically to review the staff performance and provide comments and feedback to staff on how to improve themselves and further develop their potential and promote to the next level by accepting more responsibilities and, in turn, receiving competitive compensation and benefits.
withtheisa315(revised )、 externalauditorsarenowrequiredtomakeinquiriesoftheinternalauditfunctiontoidentifyandassessofmaterialmisstatement.auditors yrs onsesoftheidentifieddeficienciesoftheinternalcontrolsanddeterminewherthemanagementhastakenappration eactionstotackletachetheprobletheproblethetheproblet riesoftheinternalauditfunction,auditorsmaycollectauditevidenceofthecontrolenvironmentthroughobservationonhowtheeeemployesperfurfection inspection of the documents,andanalyticalprocedures.afterobtainingtheauditevidenceofthecontrolenvironment,auditorsmaythenaythenasasthenasth
实体’sriskassessmentprocess
Auditors should assess whether the entity has a process to identify the business risks relevant to financial reporting objectives, estimate the significance of them, assess the likelihood of the risks occurrence, and decide actions to address the risks. If auditors have identified such risks, then auditors should evaluate the reasons why the risk assessment process failed to identify the risks, determine whether there is significant deficiency in internal controls in identifying the risks, and discuss with the management.
THE INFORMATION SYSTEM, INCLUDING THE RELEVANT BUSINESS PROCESSES, RELEVANT TO FINANCIAL REPORTING AND COMMUNICATION
Auditors should also obtain an understanding of the information system, including the related business processes, relevant to financial reporting, including the following areas:
? theclassesoftransactionsintheentity’soperationsthataresignificanttothefinancialstatements.theproceduresthatttransactionsare corrected as necessary,transferredtothegeneralledgerandreportedinthefinancialstatements。
? How the information system captures events and conditions that are significant to the financial statements.
? thefinancialreportingprocessusedtopreparetheentity’sfinancialstatements。
? Controls surrounding journal entries.
? understandhowtheentitycommunicatesfinancialreportingroles,responsibilitiesandsignificantmatterstothosechargedwithgovernanceance
CONTROL ACTIVITIES RELEVANT TO THE AUDIT
Auditors should obtain a sufficient understanding of control activities relevant to the audit in order to assess the risks of material misstatement at the assertion level, and to design further audit procedures to respond to those risks. Control activities, such as proper authorisation of transactions and activities, performance reviews, information processing, physical control over assets and records, and segregation of duties, are policies and procedures that address the risks to achieve the management directives are carried out.
MONITORING OF CONTROLS
In addition, auditors should obtain an understanding of major types of activities that the entity uses to monitor internal controls relevant to financial reporting and how the entity initiates corrective actions to its controls. For instance, auditors should obtain an understanding of the sources and reliability of the information that the entity used in monitoring the activities. Sources of information include internal auditor report, and report from regulators.
LIMITATIONS OF INTERNAL CONTROL SYSTEMS
effectiveinternalcontrolsystemscanonlyprovidereasonable,not absolute, assurancetoachievetheentity’sfinancialreportingobjectiveduetotheinherentlimitationsofinternalcontrolfor example, managementoverrideofinternalcontrols.therefore,auditorsshouldidentifyandassesstherisksofmaterialmisstatementatttthefinanfinancialation
CONCLUSION
As internal auditors have better understanding of the organisation and expertise in its risk and control, the proposed requirement for the external auditors to make enquiries of internal audit function in ISA 315 (Revised) will enhance the effectiveness and efficiency of audit engagements. External auditors should pay attention to the components of internal control mentioned above in order to make effective and
efficient enquiries. An increase in the work of internal audit functions is also expected because of such proposed requirement.
Raymond Wong, School of Accountancy, The Chinese University of Hong Kong, and Dr Helen Wong, Hong Kong Community College, Hong Kong Polytechnic University
Reference ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment
编辑推荐:
ACCA考试《审计》知识指导资料总结
注册会计师协会ACCA考试指南
更多ACCA指导备注资料,请点击查看