Lecture 4 - Planning, risk assessment and internal controls (1) Flashcards
Why do we need audit documentation?
Audit documentation supports the opinion of the auditor. It is required by the International Standards on Auditing (ISAs)
The auditor should be able to understand the following from the audit documentation:
-The nature, timing and extent of the procedures to
comply with ISAs and legal and regulatory
requirements.
-The results of the procedures and evidence
gathered
-The conclusions reached on significant matters.
Audit documents - Permanent files are….
Files containing historical data of continuing relevance
Audit documents - Current files are…..
Files that relate specifically to the current year’s
audit, both interim and final.
Examples of permanent files include:
- Memorandum and articles of association
- Organisation charts
- Lease or purchase documents
- Accounting manual
- Control system flowcharts.
Examples of current files include:
- Financial statements and the auditor’s report
- Audit strategy and audit plan
- Working trial balance
- Adjustments to trial balance
- Working papers to support the above
Documentation ownership belongs to….
Audit documents are the property of the auditor.
BUT they must not be shown to anyone without the
client’s consent, except under specific ethical
circumstances
What are internal controls?
Internal controls are designed by management or those
charged with governance to either prevent material
misstatements or detect in good time for remedial actions to be taken.
Internal controls are rules, policies and procedures set in place by those controlling the client to ensure business is:
- Operating effectively and efficiently
- Complying with all relevant laws & regulations
- Providing reliable financial reporting
Who is responsible for internal controls?
It is the responsibility of ‘those charged with governance, management, and other personnel’ (ISA
315) to design, implement and monitor internal controls
ISA 315 defines five key components of internal
controls (CRICM):
i. Control environment
ii. Risk assessment procedures
iii. Information system relevant to financial reporting
and communication
iv. Control activities
v. Monitoring of controls
The control environment relates to….
The culture and tone of the organisation, and depends on (ISA 315):
- Communication and enforcement of integrity and ethical values
- Commitment to competence
- Participation by those charged with governance
- Management’s philosophy and operating style
- Organisational structure
- Assignment of authority & responsibility
- Human resource policy & practices
The risk assessment process involves:
The client’s process for identifying and responding to business risks and the results thereof. Examples include: -Changes in operating environment -New personnel -Rapid growth -New or revamped information systems -Corporate restructuring
The ‘information system’ means…..
The infrastructure (physical and hardware), software, people, procedures and data.
‘Relevant to financial reporting’ means…..
Sufficient to prepare the financial statements and allow relevant and reliable decision making.
