Page 75 - Internal Auditing Standards
P. 75

Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts






           CONSIDER POINT

           When the entity has a mix of manual and automated controls, always identify who is responsible for
           the operation of each control. For example, suppose a warehouse manager is responsible for shipping
           goods. The warehouse manager manually inputs the data into a sales system that has an application
           control to match the shipment to the original order. If something goes wrong in the matching process,
           is it the responsibility of the warehouse manager, the IT department, or the accounting department?
           Unless one person is assigned responsibility for the entire process, people will inevitably blame each
           other when errors are made.
           Where responsibility has not been assigned, consider:

           •     The likelihood and magnitude of potential misstatements that could occur in the fi nancial
                 statements;
           •     The appropriate audit response; and

           •     Whether the matter should be reported to management.




        5.11 Pervasive Controls



            Paragraph #           Relevant Extracts from ISAs

            315.14 (b)            The auditor shall…evaluate whether:
                                  (b)    The strengths in the control environment elements collectively provide an appropriate
                                       foundation for the other components of internal control, and whether those other

                                       components are not undermined by deficiencies in the control environment. (Ref: Para.
                                       A69-A78)





        This chapter has now addressed each of the five components of internal control. Some of these controls are

        pervasive in nature and only indirectly serve to prevent a misstatement from occurring, or to detect and
        correct it after it has occurred. Other controls relate to particular transaction risks (such as payroll, sales, and

        purchases) and are designed specifically to prevent or detect and correct misstatements.
        The following exhibit shows the interaction of the two levels of control over transactions as they journey from

        initiation and processing (transactional level) through the accounting records (entity level) and finally to the

        financial statements. Notice that at least three of the five internal control components consist primarily of

        pervasive controls.















                                                                                                                   73
   70   71   72   73   74   75   76   77   78   79   80