Page 76 - Internal Auditing Standards
P. 76
Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts
Exhibit 5.11-1
Significant F/S Accounts & Disclosures
Control
Risk
Environment Assessment Includes controls over:
t Fraud (management
override)
Pervasive Controls Monitoring Entit y e -Leve l c Contro l l l s s t Centralized processing
t Period-end financial
Entity-Level Controls
reporting process
p
g
l
l
n
r
a
t
n
t
o
r
I
I
T
o
T
General IT controls
Ge
G
Information
System
Control
Activities
Specific Controls Transactional
Controls
IT application
controls
Transactions
Notes:
1. The above illustration is a general guide. In some instances, pervasive controls can be designed to
operate at a level of precision that would prevent or detect specific misstatements at the business
process level. For example, a detailed budget approved by those charged with governance may be used
by management to detect unauthorized administration expenditures. In other instances, there may be
control activities and parts of the information system that relate to entity level activities.
2. Entity level controls (such as the commitment to competence) may be less tangible than those at the
business process level (such as matching goods received to a purchase order), but are just as critical in
preventing and detecting fraud and error.
3. The period-end financial reporting process includes procedures to:
• Enter transaction totals into the general ledger;
• Select and apply accounting policies;
• Initiate, authorize, record, and process journal entries in the general ledger;
• Record recurring and non-recurring adjustments to the financial statements; and
• Prepare the financial statements and related disclosures.
4. General information technology (IT) controls are similar to entity level controls, except that they focus on
how IT operations (such as organization, staffing, data integrity) are managed across the entity.
5. IT application controls are similar to transaction controls. They relate to how specific transactions are
processed at the business process level.
74
