Internal Control Components: Monitoring
Monitoring assesses the effectiveness of the internal control’s performance over time. The objective is to ensure that the controls are working properly and, if not, to take necessary corrective actions. Monitoring provides feedback to management on whether the internal control system they have designed to mitigate risks is: Management accomplishes the monitoring of controls through […]
Understanding IT Risks and Internal Controls
Most entities today use information technology (IT) to manage, control, and report on at least some of their activities. A central support team often manages IT operations that ensure the day-to-day users (staff) have appropriate access to the hardware, software, and applications required to perform their responsibilities. In smaller entities, IT management may be the […]
Internal Control Components: The Control Environment
The control environment is the foundation for effective internal control, providing discipline and structure for the entity. It sets the tone of an organisation, influencing its people’s control consciousness or awareness. The control environment addresses the governance and management functions. It also addresses the attitudes, awareness, and actions of those charged with governance and management […]
Internal Control Components: Risk Assessment
Risk assessment is the second of the five internal control elements. An effective risk assessment process implemented and maintained by management would provide important information needed to determine what business/fraud risks should be managed so that appropriate actions can be taken. 风险评估是五个内部控制要素中的第二个。 由管理层实施和维护的有效风险评估程序将提供所需的重要信息,以确定应管理哪些业务/欺诈风险,从而采取适当行动。 Management may initiate plans or programs or implement policies and procedures to […]
Internal Control Components: Information System and Communication
Management (and those charged with governance) requires reliable information to: This requires pertinent information to be identified, captured and communicated/distributed timely to personnel (at all levels of the entity) who need it for decision-making. 管理层(和负责管理的人)需要可靠的信息来: 这就要求相关的信息能够被识别、获取并及时传达/分发到需要决策的人员(在实体的各个层面)。 An information system consists of infrastructure (physical and hardware components), software, people, procedures, and data. Many information systems make […]
Internal Control Objectives
Internal control is designed, implemented, and maintained by those charged with governance and management of other personnel to address identified business and fraud risks that threaten the achievement of stated objectives, such as the reliability of financial reporting. The auditor must understand how the entity addresses each of the five components of internal control as […]
Audit Documentation
Sufficient audit documentation is required to enable an experienced auditor, having no previous connection with the audit, to understand: Audit documentation for a smaller entity is generally less extensive than that for the audit of a larger entity. For example, various aspects of the audit could be recorded together in a single document, with cross-references […]
Benefits of the Risk-Based Audit
Some of the benefits of the risk-based approach are summarised in the exhibit below. 风险导向性审计方法(risk-based approach)进行审计的一些好处在下面的展览中进行了总结。 Time Flexibility When Audit Work Needs to Be Performed Because risk assessment procedures do not involve the detailed testing of transactions and balances, they can be performed well before the period end, assuming no major operational changes are anticipated. […]
ISAs for Smaller Audits
ISAs do not distinguish the audit approach required for a one-person entity from that required for a multinational entity employing thousands of people. An audit is an audit. Consequently, the basic approach to an audit does not change just because the entity is small. The word “audit” is intended to convey a clear message to […]
Audit Risk
Audit risk is the risk of expressing an inappropriate audit opinion on financial statements that are materially misstated. The objective of the audit is to reduce this audit risk to an acceptably low level. 审计风险是指对有重大误报的财务报表发表不恰当的审计意见的风险。 审计的目的是将这种审计风险降低到一个可接受的低水平。 Audit risk has two key elements, as illustrated below. 审计风险有两个关键因素,如下图所示。 To reduce audit risk to an acceptably low level, […]
