标题: Methods for Understanding Internal Control [打印本页] 作者: cyber21 时间: 2016-4-20 14:17 标题: Methods for Understanding Internal Control
ACCA F8 考试:Methods for Understanding Internal Control
■ To be able to understand internal control, the design of a control and then its implementation must be ascertained by the auditor.
□ Evaluating the design of a control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements.
□ Implementation of a control means that the control exists and that the entity is using it.
□ A poorly designed control may still result in a material misstatement regardless of the fact that it is being correctly operated.*
Control Design
■ Risk assessment procedures to obtain sufficient evidence about the design of internal control include previous experience, inquiry, observation, inspection and walkthroughs
Previous
experience■Past understanding and assessments carried out (as recorded in the PAF). This must be updated when changes have occurred in the current year.
Inquiry■ Usually of entity personnel (e.g. management, internal audit, those charged with governance, operational personnel).
Observation■ Reviewing the application of specific controls, especially in manual systems (e.g. inventory counts, inspection of goods received, enforcement of ethical practices).
Inspection■ Documents and reports, for example:
□ the entity's risk-strategy assessment and response;
□ internal control procedure manuals;
□ management reports;
□ system and control error reports;
□ internal audit testing programmes (including reports to management and management response).
Walk-through■ Desktop walk-through, supported by design and procedural manuals, to gain a theoretical understanding of the controls in a system.
■ Tracing a separate transaction through each relevant element of the control system (e.g. the sales system) and reviewing the design of appropriate controls.
■ This will often require the use of computer audit assisted techniques to enable the transaction to be traced through computer-based information systems (IS).