Page 100 - Internal Auditing Standards
P. 100
Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts
Paragraph # Relevant Extracts from ISAs
240.20 Unless all of those charged with governance are involved in managing the entity, the auditor
shall obtain an understanding of how those charged with governance exercise oversight of
management’s processes for identifying and responding to the risks of fraud in the entity
and the internal control that management has established to mitigate these risks. (Ref: Para.
A19-A21)
240.21 Unless all of those charged with governance are involved in managing the entity, the auditor
shall make inquiries of those charged with governance to determine whether they have
knowledge of any actual, suspected or alleged fraud affecting the entity. These inquiries are
made in part to corroborate the responses to the inquiries of management.
Inquiry is used by the auditor in conjunction with other risk assessment procedures to assist in identifying
risks of material misstatement. The focus of the questions is to obtain an understanding of each of the
required aspects as set out in paragraphs 11 and 12 of ISA 315 (reproduced above).
Typically, most information from inquiries is obtained from management and those responsible for fi nancial
reporting. However, inquiries of others within the entity and employees with different levels of authority can
provide a different perspective, and additional information that can be useful in identifying risks of material
misstatement that may otherwise be missed. For example, a discussion with the sales manager might reveal
that certain sales transactions (late in the period) were rushed through and not recorded in accordance with
the entity’s revenue recognition policies.
98
