Page 68 - Internal Auditing Standards
P. 68

Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts





         Controls          Description                                  Examples

         IT Application    These controls are programmed into IT        Checking the arithmetical accuracy of
         Controls          applications such as sales or purchases.     records, pricing of invoices, edit checks of
                           They include fully automated and partially   input data, numerical sequence checks,
                           automated controls.                          and production of exception reports for
                                                                        manager review.
         Actual Results    These controls involve the regular review    Analysis of operating results, comparing
         Reviews           and analyses of actual results versus        actual results to budget, and investigating
                           budgets, forecasts, and prior-period         variances.
                           performance. It also involves relating

                           different sets of data (operating or fi nancial)
                           to one another and comparing internal
                           data with external sources of information.
                           Unexpected variations would be
                           investigated and corrective actions taken.
         Physical          These controls relate to the physical        Such controls consist of asset security (door
         Controls          security of assets and permitted access      locks and restricted access to inventory/
                           to entity premises, accounting records,      records) and comparing the results of
                           computer programs, and data fi les.          periodic cash, security, and inventory
                                                                        counts with accounting records.



        Smaller Entities
        Control activities are designed to directly prevent a material misstatement from occurring or detecting and
        then correcting a misstatement after it has occurred.  In smaller entities, the concepts underlying control
        activities are likely to be similar to larger entities, but their relevance to the auditor may vary considerably.
        Consider the following.

        Exhibit 5.6-3

         Control Activities
                               Comments
         in Smaller Entities
         Informal              Many controls may operate informally and may not be well documented. For
         and Limited           example, granting credit to a customer may be more reliant on the judgment and
         documentation         knowledge of the manager than on a pre-established credit limit.
         Limited Scope         Control activities (to the extent they exist) are likely to relate to the main transaction
                               cycles such as revenues, purchases, and employment expenses.


















     66
   63   64   65   66   67   68   69   70   71   72   73