Page 60 - Internal Auditing Standards
P. 60
Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts
Control Element The Key Question Possible Controls
Participation by How effective is the • A majority of TCWG are independent of management.
Those Charged governance (if any) • TCWG have the appropriate experience, stature, and
With Governance being provided fi nancial expertise.
(TCWG) over entity • Significant issues and financial results are communicated
(Other than Where operations? to TCWG in a timely manner.
Management is
• TCWG provide effective oversight over management’s
TCWG)
activities. This includes raising diffi cult questions and
pursuing answers.
• TCWG meet on a regular basis, and minutes of meetings
are circulated in a timely basis.
Management’s What are • Management demonstrates positive attitudes and actions
Philosophy and management's toward:
Operating Style attitudes and – Sound internal control over fi nancial reporting
actions toward (including management override and other fraud),
fi nancial reporting? – Appropriate selection/application of accounting
policies,
– Information-processing controls, and
– The treatment of accounting personnel.
• Management has established procedures to prevent
unauthorized access to or destruction of assets,
documents, and records.
• Management analyzes business risks and takes
appropriate action.
Organizational Has a relevant • The organizational structure is appropriate to facilitate
Structure organizational achievement of entity objectives, operating functions,
structure been and regulatory requirements.
established? • Management clearly understands its responsibility
and authority for business activities, and possesses the
requisite experience and levels of knowledge to properly
execute its positions.
• The entity structure facilitates the flow of reliable and
timely information to the appropriate people for planning
and controlling activities.
• Incompatible duties are segregated to the extent
possible.
Assignment of Have key areas • There are policies and procedures for authorization and
Authority and of authority and approval of transactions.
Responsibility responsibility been • Appropriate lines of reporting and accountability exist
appropriately (appropriate to the entity’s size and the nature of its
assigned? activities).
• Job descriptions include control-related responsibilities.
58
