ISA 315 (REVISED), IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
One of the major revisions of ISA 315 relates to the inquiries made by external auditors of the internal audit function since internal auditors have better knowledge and understanding of the organisation and its internal control. This article addresses and highlights the components of internal control
The International Auditing and Assurance Standards Board (IAASB) issues International Standard on Auditing (ISA) for international use. From time to time, ISAs are revised to provide updated standards to auditors. In order to enhance the overall quality of audit, IAASB published a consultation draft on a proposed revision to ISA 315. The objective in revising ISA 315 is to enhance the performance of external auditors by applying the knowledge and findings of an entity’s internal audit function in the risk assessment process, and to strengthen the framework for evaluating the use of internal auditors work to obtain audit evidence.
In March 2012, ISA 315 (Revised) was approved and released. One of the major revisions of ISA 315 relates to the inquiries made by external auditors of the internal audit function since internal auditors have better knowledge and understanding of the organisation and its internal control. This article addresses and highlights the components of internal control.
OBJECTIVES IN ESTABLISHING INTERNAL CONTROLS
Generally speaking, internal control systems are designed, implemented and maintained by the management and personnel in order to provide reasonable assurance to fulfil the objectives – that is, reliability of financial reporting, efficiency and effectiveness of operations, compliance with laws and regulations and risk assessment of material misstatement. The manner in which the internal control system is designed, implemented and maintained may vary with the entity’s business nature, size and complexity, etc. Auditors focus on both the audit of financial statements and internal controls that relates to the three objectives that may materially affect financial reporting.
In order to identify the types of potential misstatements and to determine the nature, timing and extent of audit testing, auditors should obtain an understanding of relevant internal controls, evaluate the design of the controls, and ascertain whether the controls are implemented and maintained properly.
The major components of internal control include control environment, entity’s risk assessment process, information system (including the related business processes, control activities relevant to the audit, relevant to financial reporting, and communication) and monitoring of controls.
CONTROL ENVIRONMENT
The control environment consists of the governance and management functions and the attitudes, awareness and actions of the management about the internal control. Auditors may obtain an understanding of the control environments through the following elements.
1. Communication and enforcement of integrity and ethical values It is important for the management to create and maintain honest, legal and ethical culture, and to communicate the entity’s ethical and behavioral standards to its employees through policy statements and codes of conduct, etc.
2. Commitment to competence It is important that the management recruits competent staff who possess the required knowledge and skills at competent level to accomplish tasks.
3. Participation by those charged with governance An entity’s control consciousness is influenced significantly by those charged with governance; therefore, their independence from management, experience and stature, extent of their involvement, as well as the appropriateness of their actions are extremely important.
4. Management’s philosophy and operating style Management’s philosophy and operating style consists of a broad range of characteristics, such as management’s attitude to response to business risks, financial reporting, information processing, and accounting functions and personnel, etc. For example, does the targeted earning realistic? Does the management apply aggressive approach where alternative accounting principles or estimates are available? These management’s philosophy and operating style provide a picture to auditors about the management’s attitude about the internal control.
5. Organisational structure The organisational structure provides the framework on how the entity’s activities are planned, implemented, controlled and reviewed.
6. Assignment of authority and responsibility With the established organisational structure or framework, key areas of authority and
reporting lines should then be defined. The assignment of authority and responsibility include the personnel that make appropriate policies and assign resources to staff to carry out the duties. Auditors may perceive the implementation of internal controls through the understanding of the organisational structure and the reporting relationships.
7. Human resources policies and practices Human resources policies and practices generally refer to recruitment, orientation, training, evaluation, counselling, promotion, compensation and remedial actions. For example, an entity should establish policies to recruit individuals based on their educational background, previous work experience, and other relevant attributes. Next, classroom and on-the-job training should be provided to the newly recruited staff. Appropriate training is also available to existing staff to keep themselves updated. Performance evaluation should be conducted periodically to review the staff performance and provide comments and feedback to staff on how to improve themselves and further develop their potential and promote to the next level by accepting more responsibilities and, in turn, receiving competitive compensation and benefits.
With the ISA 315 (Revised), external auditors are now required to make inquiries of the internal audit function to identify and assess risks of material misstatement. Auditors may refer to the management’s responses of the identified deficiencies of the internal controls and determine whether the management has taken appropriate actions to tackle the problems properly. Besides inquiries of the internal audit function, auditors may collect audit evidence of the control environment through observation on how the employees perform their duties, inspection of the documents, and analytical procedures. After obtaining the audit evidence of the control environment, auditors may then assess the risks of material misstatement.
編輯推薦:
(責任編輯:)