Page 55 - Internal Auditing Standards
P. 55

Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts




        •     The information produced is used to develop an analytical procedure; or

        •     The information is required for disclosure in the fi nancial statements.

        For example, if production statistics were used as a basis for an analytical procedure, the controls to ensure
        the accuracy of such data would be relevant. If non-compliance with certain laws and regulations has a


        direct and material effect on the financial statements, the controls for detecting and reporting on such non-
        compliance would be relevant.
        Internal Control Components
        The term “internal control” as used in ISA 315 is broader than just control activities such as segregation of
        duties, authorizations and account reconciliations, etc.


        Internal control encompasses five key components:
        •     The control environment;
        •     The entity’s risk assessment process;


        •     The information system, including the related business processes, relevant to financial reporting and
              communication;
        •     Control activities relevant to the audit; and

        •     Monitoring of internal control.

        These components as they relate to the entity’s financial reporting objectives are illustrated below.

        The Five Components of Internal Control

        Exhibit 5.2-1


                                              Control
                                                                       Risk
                                            Environment            Assessment


                              Financial
                              Reporting
                                                                                    Information
                              Objectives
                                                                                        System




                                                                Control
                                       Monitoring
                                                               Activities



        The division of internal control into these five components provides a useful framework for auditors in


        understanding the different aspects of an entity’s internal control system. However, it should be noted that:
        •     The way in which the internal control system is designed and implemented will vary based on the
              entity’s size and complexity. Smaller entities often use less formal means and simpler processes and

              procedures to achieve their objectives. The five components of internal control may not be so clearly
              distinguished; however, their underlying purposes are equally valid. For example, an owner-manager


                                                                                                                   53
   50   51   52   53   54   55   56   57   58   59   60