Professional Documents
Culture Documents
ACCA
ACCA
Control activities
Monitoring of controls
Control environment
Control environment includes the governance and management functions and the
attitudes, awareness and actions of those charged with governance and management
concerning the entity's internal control and its importance in the entity (ISA 315
(Revised): para. A76).
ISA 315 ((Revised): para. 14), states that auditors shall have an understanding of the
control environment. As part of this understanding, the auditor shall evaluate whether:
• (a) Management has created and maintained a culture of honesty and ethical
behaviour.
• (b) The strengths in the control environment provide an appropriate foundation for
the other components of internal control and whether those components are not
undermined by deficiencies in the control environment.
The auditor shall assess whether these elements of the control environment have been
implemented using a combination of enquiries of management and observation and
inspection
Control activities
Control activities are those policies and procedures that help ensure that management
directives are carried out (ISA 315 (Revised): para. A96).
Control activities include those activities designed to prevent or to detect and correct
errors.
๏ Authorisation.
๏ Comparison.
๏ Computer controls.
๏ Arithmetic controls.
๏ Physical control.
๏ Segregation of duties.
Monitoring of controls
Monitoring of controls is 'a process to assess the effectiveness of internal control
performance over time. It involves assessing the effectiveness of controls on a timely
basis and taking necessary remedial actions' (ISA 315 (Revised): para. A106)
Tests of control are tests performed to obtain audit evidence about the effectiveness of
the:
Design of the accounting and internal control systems, ie whether they are suitably
designed to prevent, or detect and correct, material misstatement at the assertion level;
(b) Enquiries about internal controls which leave no audit trail, eg determining
who actually performs each function, not merely who is supposed to perform it
The consistency with which they were applied during the period
Policies and procedures that relate to many applications and support the effective
functioning of application controls by helping to ensure the continued proper operation of
information systems. General IT controls commonly include controls over data centre and
network operations; system software acquisition, change and maintenance; access
security; and application system acquisition, development and maintenance.
(IFAC, 2016(b))
(IFAC, 2016(b))
General controls
• Development of computer applications
Application controls
• Controls over input: completeness
• Controls over input: accuracy
• Controls over input: authorisation
• Controls over processing
• Controls over master files and standing data