Page 66 - Internal Auditing Standards
P. 66

Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts




        Communication
        Communication is a key component of successful information systems. Consequently, if information is to be
        used in decision-making and to facilitate the functioning of internal control, it needs to be communicated on
        a timely basis (both internally and externally) to the appropriate people.

        Eff ective internal communication helps the entity’s personnel clearly understand internal control objectives,
        the business processes in use, and their individual roles and responsibilities. It also helps them understand
        the extent to which their activities relate to the work of others, and the means of reporting exceptions to an
        appropriate higher level within the entity.

        The means of communication may be informal (verbal) or formal (i.e., documented in policy and fi nancial
        reporting manuals).

        Internal communication between top management and employees is often easier and less formal in smaller
        companies, due to fewer levels and smaller numbers of personnel and the greater availability and presence of
        senior management.


        Eff ective external communication ensures that matters affecting the achievement of fi nancial reporting
        objectives are communicated with relevant outside parties such as key stakeholders, fi nancial institutions,
        regulators, and government agencies.

        Lack of IT Systems Documentation
        Smaller entities may have less sophisticated and less thoroughly documented information and
        communication systems. If management does not have extensive descriptions of accounting procedures,
        sophisticated accounting records, or written policies, the understanding required by the auditor will be
        obtained more by inquiry and observation than by review of documentation.



        5.6    Control Activities



            Paragraph #           Relevant Extracts from ISAs
            315.20                The auditor shall obtain an understanding of control activities relevant to the audit, being
                                  those the auditor judges it necessary to understand in order to assess the risks of material
                                  misstatement at the assertion level and design further audit procedures responsive to assessed
                                  risks. An audit does not require an understanding of all the control activities related to each


                                  significant class of transactions, account balance, and disclosure in the financial statements or
                                  to every assertion relevant to them. (Ref: Para. A88-A94)
            315.21                In understanding the entity’s control activities, the auditor shall obtain an understanding of
                                  how the entity has responded to risks arising from IT. (Ref: Para. A95-A97)






                                                        Control
                                                        Activities









     64
   61   62   63   64   65   66   67   68   69   70   71