Control activities are the policies and procedures that help ensure management’s directives are carried out.
Examples include controls to ensure that goods are not shipped to bad credit risk or that only authorised purchases are made.
控制活动是有助于确保管理层的指令得到执行的政策和程序。
例如,确保货物不被运往不良信用风险的控制,或只进行授权的采购。
These controls address risks that, if not mitigated, would threaten the achievement of the entity’s objectives.
Control activities (whether within or outside the general and subsidiary ledgers) are designed to mitigate the risks involved in everyday activities such as transaction processing (business processes such as sales, purchases, and payroll) and safeguarding assets.
Control activities relevant to the audit may also include controls established by management that address disclosures being prepared in accordance with the applicable financial reporting framework — this would be in addition to controls that address risks related to account balances and transactions.
这些控制措施针对的是那些如果不加以缓解就会威胁到实体目标的实现的风险。
控制活动(无论是在总账和辅助账内还是在总账外)旨在减轻日常活动中的风险,如交易处理(诸如销售、采购和工资等业务流程)和保护资产。
与审计有关的控制活动还可能包括管理层建立的控制,这些控制涉及按照适用的财务报告框架编制的披露内容–这将是对解决与账户余额和交易有关的风险的控制的补充。
Business processes are structured sets of activities designed to produce a specified output. Business process controls can generally be classified as preventive, detective and corrective, or compensating or steering, as outlined below.
业务流程是一组结构化的活动,旨在产生一个特定的输出。业务流程控制一般可分为预防性、检测性和纠正性,或补偿性或指导性,如下所示。
The nature of business process controls will vary based on the risks involved and the specific application.
Typical controls at the business process level would include the matters set out below:-
业务流程控制的性质将根据所涉及的风险和具体应用而有所不同。
业务流程层面的典型控制将包括以下事项:-
Controls: Segregation of Duties
Description: These controls can reduce the opportunities for a person to be in a position to both perpetrate and conceal errors or fraud.
Examples: The employee responsible for the accounts receivable processing cannot access cash receipts.
控制:职责分离
描述:这些控制措施可以减少一个人既能犯错又能隐瞒错误或欺诈的机会。
举例说明:负责处理应收账款的员工不能接触现金收据。
Controls: Authorisation Controls
Description: These controls define who has the authority to approve various routine and non-routine transactions and events.
Examples: Assigning responsibility to authorise:
- Hiring of new employees;
- Making investments;
- Ordering goods and services; and
- Extending credit to a customer.
控制措施:授权控制
描述:这些控制规定了谁有权批准各种常规和非常规的交易和事件。
举例说明:指派责任来授权。
- 雇用新员工;
- 进行投资;
- 订购商品和服务;以及
- 向客户提供信贷。
Controls: Account Reconciliations
Description: This includes preparing and reviewing account reconciliations on a timely basis and taking any necessary corrective actions.
Examples: Reconciliations of bank accounts, sales transactions, intercompany balances, suspense accounts, etc.
控制:账户核对
描述:这包括及时准备和审查账户对账,并采取任何必要的纠正措施。这包括及时准备和审查账户对账,并采取任何必要的纠正措施。
举例说明:银行账户的核对、销售交易、公司间余额、暂记账户等。
Controls: IT Application Controls
Description: These controls are programmed into IT applications such as sales or purchases. They include fully automated and partially automated controls.
Examples: Checking the arithmetical accuracy of records, pricing of invoices, editing checks of input data, numerical sequence checks, and production of exception reports for manager review.
控制:IT应用控制
描述:这些控制被编入IT应用程序,如销售或采购。 它们包括完全自动化和部分自动化的控制。
举例说明:检查记录的算术准确性,发票的定价,输入数据的编辑检查,数字顺序检查,以及制作异常报告供经理审查。
Controls: Actual Results Reviews
Description: These controls involve the regular review and analyses of actual results versus budgets, forecasts, and prior-period performance.
It also involves relating different sets of data (operating or financial) to one another and comparing internal data with external sources of information. Unexpected variations would be investigated, and corrective actions would be taken.
Examples: Analysis of operating results, comparing actual results to budget, and investigating variances.
控制:实际结果审查
描述:这些控制涉及定期审查和分析实际结果与预算、预测和前期业绩的对比。
它还涉及到将不同的数据集(运营或财务)相互关联,并将内部数据与外部信息来源进行比较。意外的变化将被调查并采取纠正措施。
举例说明:分析运营结果,将实际结果与预算进行比较,并调查差异。
Controls: Physical Controls
Description: These controls relate to the physical security of assets and permitted access to entity premises, accounting records, computer programs, and data files.
Examples: Such controls consist of asset security (door locks and restricted access to inventory/records) and comparing the results of periodic cash, security, and inventory counts with accounting records.
控制:实体控制
描述:这些控制措施涉及资产的实体安全和允许进入实体场所、会计记录、计算机程序和数据文件。
举例说明:这类控制包括资产安全(门锁和限制对库存/记录的访问),以及将定期现金、安全和库存清点的结果与会计记录进行比较。
Smaller Entities | 较小的实体
Control activities are designed to prevent a material misstatement or detect and correct a misstatement after it has occurred. In smaller entities, the concepts underlying control activities are likely similar to larger entities, but their relevance to the auditor may vary considerably.
Consider the following:-
Control Activities in Smaller Entities: Informal and Limited Documentation
Comments: Many controls may operate informally and may not be well documented. For example, granting credit to a customer may rely more on the manager’s judgment and knowledge than on a pre-established credit limit.
Control Activities in Smaller Entities: Limited Scope
Comments: Control activities (to the extent they exist) are likely to relate to the main transaction cycles, such as revenues, purchases, and employment expenses.
Control Activities in Smaller Entities: Risks May be Mitigated by the Control Environment
Comments: Certain control activities may not be relevant because of controls applied by senior management.
For example, management’s approval of significant transactions can provide strong control over important account balances and transactions, lessening or removing the need for more detailed control activities.
Some transactional misstatements (usually addressed by control activities in larger entities) could be mitigated by:
- A corporate culture that emphasises the importance of control;
- Employing highly competent staff;
- Monitoring revenues and expenditures against an established budget;
- Requiring senior management’s approval of all major transactions;
- Monitoring of key performance indicators; and
- Assigning responsibilities among the staff to maximise the segregation of duties.
Control Activities in Smaller Entities: Financial Statement Disclosures
Comments: Auditors are required to understand management’s internal control as it relates to financial statement disclosures.
However, disclosures in smaller entities may be less detailed or less complex (e.g., some financial reporting frameworks allow smaller entities to provide fewer disclosures in the financial statements).
控制活动的目的是防止重大错报,或在错报发生后发现并纠正错报。在较小的实体中,控制活动的基本概念可能与较大的实体相似,但其与审计师的相关性可能有很大的不同。
请考虑以下几点:-
小型实体的控制活动:非正式的和有限的文件
评论:许多控制活动可能是非正式的,可能没有很好的文件记录。例如,向客户发放信贷可能更多地依赖于经理的判断和知识,而不是预先确定的信贷限额。
小型实体的控制活动:范围有限
评论:控制活动(如果存在的话)可能与主要的交易周期有关,如收入、采购和就业支出。
小型实体的控制活动:风险可以通过控制环境得到缓解
评论:某些控制活动可能与此无关,因为高级管理层实施了控制。
例如,管理层对重要交易的批准可以对重要的账户余额和交易提供强有力的控制,减少或消除对更详细的控制活动的需要。
一些交易性错报(通常在较大的实体中由控制活动解决)可以通过以下方式减轻:-
- 一种强调控制重要性的企业文化;
- 雇用高度称职的员工;
- 根据既定的预算监测收入和支出;
- 要求高级管理层对所有重大交易进行批准;
- 监测关键绩效指标;以及
- 在员工中分配责任,最大限度地实现职责分离。
小型实体的控制活动:财务报表的披露
评论:审计师需要了解管理层的内部控制,因为它与财务报表的披露有关。
然而,小型实体的披露可能没有那么详细或那么复杂(例如,一些财务报告框架允许小型实体在财务报表中提供较少的披露)。
Control activities relevant to the audit would potentially mitigate risks such as:
- Significant risks
- Identified and assessed risks of material misstatement that require special audit consideration in the auditor’s judgment.
- Risks that substantive procedures cannot easily address
- These are identified and assessed risks of material misstatement for which substantive procedures alone would not provide sufficient appropriate audit evidence.
与审计有关的控制活动将有可能减轻以下风险:-
- 重大风险
- 已确定和评估的重大错报风险,根据审计师的判断需要特别的审计考虑。
- 实质性程序不容易解决的风险
- 这些是已确定和评估的重大错报风险,仅靠实质性程序无法提供足够的适当审计证据。
The auditor’s judgment about whether a control activity is relevant to the audit is influenced by:
1) Knowledge about the presence/absence of control activities identified in other components of internal control.
If a particular risk has already been adequately addressed (such as by the control environment, information system, etc.), there is no need to identify any additional controls that may exist.
2) The existence of multiple control activities that achieve the same objective.
Understanding each of the control activities related to such an objective is unnecessary.
3) Increased audit efficiency will be gained from testing the operating effectiveness of certain key controls. This could occur when:
- Obtaining audit evidence through a test of the operating effectiveness of controls may be more cost-efficient than performing substantive procedures. Tests of controls typically result in smaller sample sizes than substantive tests. If the controls are automated, a sample size of just one item (assuming good general IT controls) may be all that is required. In addition, if the control system and personnel involved have not changed from previous years, it may be possible (under certain conditions) to limit the test of the operating effectiveness of controls to once every three years.
- Substantive procedures alone would not provide sufficient appropriate audit evidence at the assertion level. For example, the completeness assertion for sales revenue can be difficult (and sometimes impossible) to address by substantive procedures alone. In these situations, it would be worthwhile to identify any internal controls that address the risk and assertion involved. If the internal controls are expected to work effectively, the necessary audit evidence could be obtained through a test of the operating effectiveness of those controls.
审计师对一项控制活动是否与审计有关的判断受到以下因素的影响:-
1) 对内部控制的其他组成部分中确定的控制活动的存在/不存在的了解。如果某项风险已经得到充分解决(如控制环境、信息系统等),就没有必要再去识别任何可能存在的额外控制。
2) 存在实现同一目标的多种控制活动。了解与这种目标相关的每一项控制活动是不必要的。
3) 通过测试某些关键控制措施的运行效果,可以提高审计效率。这可能发生在:
- 通过测试控制措施的运行效果获得审计证据,可能比执行实质性程序更具成本效益。对控制的测试通常会导致比实质性测试更小的样本量。如果控制是自动化的,只需要一个项目的样本量(假设有良好的一般IT控制)就可以了。此外,如果控制系统和相关人员与前几年相比没有变化,那么(在某些条件下)可以将控制的运行有效性测试限制在每三年一次。
- 单纯的实质性程序不会在断言层面提供足够的适当审计证据。例如,销售收入的完整性断言可能很难(有时甚至不可能)仅通过实质性程序来解决。在这些情况下,值得确定任何能解决相关风险和断言的内部控制。如果预计内部控制能够有效地发挥作用,那么可以通过测试这些控制的运行效果来获得必要的审计证据。
Our website's articles, templates, and material are solely for you to look over. Although we make every effort to keep the information up to date and accurate, we make no representations or warranties of any kind, either express or implied, regarding the website or the information, articles, templates, or related graphics that are contained on the website in terms of its completeness, accuracy, reliability, suitability, or availability. Therefore, any reliance on such information is strictly at your own risk.
Keep in touch with us so that you can receive timely updates |
要获得即时更新,请与我们保持联系
1. Website ✍️ https://www.ccs-co.com/ 2. Telegram ✍️ http://bit.ly/YourAuditor 3. Facebook ✍
- https://www.facebook.com/YourHRAdvisory/?ref=pages_you_manage
- https://www.facebook.com/YourAuditor/?ref=pages_you_manage
4. Blog ✍ https://lnkd.in/e-Pu8_G 5. Google ✍ https://lnkd.in/ehZE6mxy
6. LinkedIn ✍ https://www.linkedin.com/company/74734209/admin/
