Page 13 - Internal Auditing Standards
P. 13

Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts




        •     Policies and procedures that provide additional accountability, such as signed approval for journal
              entries;
        •     Improved access controls for sensitive data and transactions;

        •     Silent  alarms;

        •     Discrepancy and exception reports;
        •     Audit trails;

        •     Fraud contingency plans;
        •     Human resource procedures such as identifying/monitoring individuals with above-average fraud
              potential (for example, an excessively lavish lifestyle); and

        •     Mechanisms for reporting potential frauds anonymously.

        Entity-Level Controls
        Entity-level controls address pervasive risks. They set the “tone at the top” of an organization and establish
        expectations for the control environment. They are often less tangible than controls that operate at the


        transaction level, but have a pervasive and significant impact and influence over all other internal controls. As
        such, they form the all-important foundation upon which other internal controls (if any) are built. Examples of
        entity level controls include management’s commitment to ethical behavior, attitudes toward internal control,


        hiring and competence of staff employed, and anti-fraud and period-end financial reporting. These controls
        will have an impact on all other business processes within the entity.
        Management
        The person(s) with executive responsibility for the conduct of the entity’s operations. For some entities in
        some jurisdictions, management includes some or all of those charged with governance—for example,
        executive members of a governance board, or an owner-manager.


        Those Charged With Governance (TCWG)
        The person(s) or organization(s) (for example, a corporate trustee) with responsibility for overseeing the
        strategic direction of the entity and obligations related to the accountability of the entity. This includes

        overseeing the financial reporting process. For some entities, in some jurisdictions, those charged with
        governance may include management personnel—for example, executive members of a governance board
        of a private or public sector entity, or an owner-manager.

        Owner-Manager
        This refers to the proprietors of an entity involved in the running of the entity on a day-to-day basis. In most
        instances, the owner-manager will also be the person charged with governance of the entity.

        Small- and Medium-Sized Accounting Practices/Firms (SMP)

        Accounting practices/firms that exhibit the following characteristics: its clients are mostly small- and medium-

        sized entities (SMEs); external sources are used to supplement limited in-house technical resources; and it
        employs a limited number of professional staff. What constitutes an SMP will vary from one jurisdiction to

        another.








                                                                                                                   11
   8   9   10   11   12   13   14   15   16   17   18