Chapter 10 Understanding Entity-Level Controls

更新时间:2023-06-23 16:54:16 阅读: 评论:0

Brow Location: United States\PwC Material\Montgomery's Auditing, Twelfth Edition\Part 2: Theory and Concepts
茅理翔
Publish Date: 25 June, 2001
 
窗体顶部马铃薯炖肉
窗体底部
10
Understanding Entity-Level Controls
五常是什么意思
10.1 Developing the Understanding   
(a) Control Environment,   
(i) Integrity and Ethical Values,   
(ii) Commitment to Competence,   
(iii) Composition and Activities of the Board of Directors and Committees,   
(iv) Management's Philosophy and Operating Style,   
(v) Organizational Structure,   
(vi) Assignment of Authority and Responsibility,   
(vii) Human Resource Policies and Practices,   
(b) Management's Risk Asssment,   
(c) Monitoring,   
(d) Information and Communication,   
(i) The Accounting System,   
(ii) The Computer Environment,   
(1) Hardware,   
(2) Software,   
(3) Databa Management Systems,
(3A)  Data Warehou Applications二次元污污   
(4) Organization of the IT Function,   
(5) Decentralized and Distributed Data Processing,   
(iii) Understanding the Accounting System and the Computer Environment,   
10.2 Evaluating Design Effectiveness   
10.3 Application to Small and Mid-sized Entities   
10.4 Documenting the Understanding and Evaluation of Design   
Controls that are relevant to financial reporting are applied at various levels in an entity. Controls in some components, such as the control environment, operate at a high level within an entity and thus have an impact on many or all account balances. Other controls are applied at successively lower levels and relate to increasingly more detailed process and activities. Some of tho controls are applied to a cycle or an entire class of transactions in a cycle, and have an effect on the account balances derived from related transactions. Others, specifically control activities, operate at even lower, more detailed levels and tend to be focud on individual applications within transaction cycles and to affect specific account balances and audit objectives. The latter controls are most relevant when the auditor plans to asss control risk at low. Understanding the entity-level aspects of internal control is discusd in this chapter, and understanding control activities and aspects of monitoring that relate to a cycle or transactions in a cycle in Chapter 11 (e Section 11.3, Developing the Understanding). Chapter 12 covers asssing control risk and testing controls, at all levels, to confirm the asssment (e Section 12.5, Documenting the Asssment of Control Risk and Tests of Controls).
Figure 10.1 depicts the process by which the auditor obtains an understanding of internal control and asss control risk. The flowchart shows the various decisions the auditor makes and their conquences for the audit strategy. The steps in the flowchart are explained in the following ctions of this chapter and in Chapters 11 and 12.
Figure 10.1 Understanding Internal Control and Its Audit Implications
Understand Entity-Level Control Components:
1. Control Environment
2. Management's Risk Asssment
3. Information and Communication
4. Monitoringa
Understand Accounting System and Computer Environment
Evaluate Effectiveness of Design
Make Preliminary Asssment of Control Risk
回形针体位
Maximum control risk   
西葫芦的做法大全Below the maximum control risk
Low control risk
No further understanding
needed
Obtain understanding of
activity-level monitoring
controls; evaluate
effectiveness of design
Obtain understanding of
control activities; evaluate
联想进入bioseffectiveness of design
No tests of controls
performed   
Test entity-level controls
and activity-level monitoring
controls to confirm
asssment
Test entity-level controls
and control activities to
confirm asssmentb
Design substantive tests to
gain high assurance   
Design substantive tests to
gain moderate assurance   
Design substantive tests to
gain low assurance
a Includes performance reviews, which are classified as control activities in SAS No. 78. See footnote 2 in Chapter 11.
b On recurring engagements, certain tests of controls may be performed at the same time as updating the understanding, bad on the planned asssment of control risk.
 
10.1 Developing the Understanding
The cond standard of field work specifically requires the auditor to obtain a sufficient understanding of the entity's internal control for planning purpos. A sufficient understanding of internal control is one that when considered together with other information about the entity, such as that from prior years' experience, enables the auditor to evaluate whether controls are effectively designed, identify misstatements that could occur becau of any design deficiencies, consider the risk of such misstatements occurring, and design appropriate substantive tests to detect them. Statement on Auditing
Standards (SAS) No. 78, Consideration of Internal Control in a Financial Statement Audit: An Amendment of SAS No. 55 (AU Section 319), points out that while internal control is relevant to both the entity as a whole and its individual operating units or business functions, it may not be necessary for the auditor to obtain an understanding of internal control related to each of the entity's operating units or business functions. An audit guide to the SAS, Consideration of Internal Control in a Financial Statement Audit, issued by the AICPA's Control Risk Audit Guide Revision Task Force illustrates how auditors might apply the provisions of the SAS in determining an audit strategy that might be ud for entities of various sizes, including obtaining the necessary understanding of internal control.
Meeting the cond standard of field work requires the auditor to develop an understanding of relevant controls in the various components, regardless of the planned control risk asssment. It may not be necessary for the auditor to understand control activities when control risk is assd at maximum or below the maximum, becau in tho circumstances no tests of control activities will be performed. The auditor should, h
幼儿唐诗100首
owever, consider whether an understanding of any specific control activities is necessary in order to design substantive tests.
In developing the understanding of internal control, the auditor determines the design of relevant controls, that is, how they are suppod to operate, and whether they have been placed in operation, that is, whether the entity is actually using them. The auditor's objective in understanding controls is not to obtain evidence about whether they are operating effectively; evidence about the effective operation of controls is obtained by testing the controls, which is discusd in Chapter 12 (e Section 12.3, Performing Tests of Controls). Often, however, the auditor obtains some evidence about operating effectiveness as a result of performing procedures aimed at developing the understanding, becau tho procedures are similar to procedures ud in testing controls. The auditor considers that evidence when determining the tests of controls to perform in order to be able to restrict substantive tests directed at certain audit objectives and account balances.
The understanding of internal control required for audit planning (that is, for identifying and reacting to the risk of material misstatements) is obtained by considering previous experience with the entity, reviewing prior-year audit results, making inquiries of entity personnel and obrving them in the performance of their duties, and examining descriptions of procedures and other appropriate documentation prepared by the entity's personnel. As explained in Chapter 6, obrvation involves direct viewing of employees in the work environment. Inquiry (interviewing) entails asking specific questions of the entity's management and employees, which may be done informally or in formal interviews. Interviewing is one of the most effective ways to gain an initial understanding of the entity's internal control. The auditor examines records (either manual or electronic), documents, reconciliations, and reports for evidence that a procedure has been properly applied. The specific procedures the auditor performs to obtain the necessary understanding of internal control, and the extent to which they are performed on a particular audit, vary according to the entity's size and complexity, the auditor's previous experience with the entity, the particular control, and the entity's documentation.

本文发布于:2023-06-23 16:54:16,感谢您对本站的认可!

本文链接:https://www.wtabcd.cn/fanwen/fan/82/1022513.html

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系,我们将在24小时内删除。

标签:马铃薯   西葫芦   进入   回形针
相关文章
留言与评论(共有 0 条评论)
   
验证码:
推荐文章
排行榜
Copyright ©2019-2022 Comsenz Inc.Powered by © 专利检索| 网站地图