Professional Documents
Culture Documents
(Bme 21) Psa 300, 315R & 330 PDF
(Bme 21) Psa 300, 315R & 330 PDF
(Bme 21) Psa 300, 315R & 330 PDF
PLANNING ACTIVITIES
3. The auditor shall establish an overall audit strategy for the audit. The overall audit strategy sets the
scope, timing and direction of the audit, and guides the development of the more detailed audit plan.
5. The auditor shall develop an audit plan that shall include a description of:
• The nature, timing and extent of planned risk assessment procedures, as determined under PSA 315.
• The nature, timing and extent of planned further audit procedures at the assertion level, as
determined under PSA 330.
• Other planned audit procedures that are required to be carried out so that the engagement complies
with PSAs.
2. The nature, timing and extent of the direction and supervision of engagement team members and review
of their work vary depending on many factors, including:
• The size and complexity of the entity;
• The area of the audit;
• The risks of material misstatement; and
• The capabilities and competence of the individual team members performing the audit work.
The auditor plans the nature, timing and extent of direction and supervision of engagement team members
based on the assessed risk of material misstatement.
DOCUMENTATION
The auditor shall document the overall audit strategy and the audit plan, including any significant changes made
during the audit engagement.
2. The auditor shall design and perform risk assessment procedures to obtain audit evidence that provides
an appropriate basis for:
a) the identification and assessment of risks of material misstatement, whether due to fraud or error,
• at the financial statement
• and assertion levels; and
When there are engagement team members not involved in the engagement team discussion, the engagement
partner shall determine which matters are to be communicated to those members.
The auditor shall perform risk assessment procedures to obtain an understanding of:
2) The applicable financial reporting framework, and the entity’s accounting policies and the reasons for
any changes thereto;
3) How inherent risk factors affect susceptibility of assertions to misstatement and the degree to which they
do so, in the preparation of the financial statements in accordance with the applicable financial reporting
framework.
The auditor shall evaluate whether the entity’s accounting policies are appropriate and consistent with the
applicable financial reporting framework.
INTERNAL CONTROL
Page | 2
Internal control is the process designed, implemented and maintained by those charged with governance,
management and other personnel to provide reasonable assurance about the achievement of an entity’s
objectives with regard to:
• Reliability of financial reporting;
• Effectiveness and efficiency of operations; and
• Compliance with applicable laws and regulations.
When obtaining an understanding of controls that are relevant to the audit, the auditor shall:
evaluate the design of those controls; and
determine whether they have been implemented
by performing procedures in addition to inquiry of the entity’s personnel.
The auditor shall obtain an understanding of the control environment. As part of obtaining this understanding,
the auditor shall evaluate whether:
• Management, with the oversight of those charged with governance, has created and maintained a
culture of honesty and ethical behavior; and
• The strengths in the control environment elements collectively provide an appropriate foundation
for the other components of internal control, and whether those other components are not undermined
by deficiencies in the control environment.
The auditor shall obtain an understanding of how the entity communicates financial reporting roles and
responsibilities and significant matters relating to financial reporting, including:
Page | 3
• Communications between management and those charged with governance; and
• External communications, such as those with regulatory authorities.
5. MONITORING OF CONTROLS
• Monitoring of controls involves assessing the design and operation of controls on a timely basis and
taking the necessary corrective actions modified for changes in conditions.
• The auditor shall obtain an understanding of the major activities that the entity uses to monitor internal
control over financial reporting, including those related to those control activities relevant to the audit,
and how the entity initiates remedial actions to deficiencies in its controls.
• If the entity has an internal audit function, the auditor shall obtain an understanding of the following in
order to determine whether the internal audit function is likely to be relevant to the audit:
a) The nature of the internal audit function’s responsibilities and how the internal audit function fits
in the entity’s organizational structure; and
b) The activities performed, or to be performed, by the internal audit function.
• The auditor shall obtain an understanding of the sources of the information used in the entity’s monitoring
activities, and the basis upon which management considers the information to be sufficiently reliable for
the purpose.
INTERNAL CONTROL – the process designed, implemented and maintained by those charged with
governance, management and other personnel to provide reasonable assurance about the achievement of an
entity’s objectives with regard to:
• Reliability of financial reporting
• Effectiveness and efficiency of operations; and
• Compliance with applicable laws and regulations.
2. ACCOUNTING CONTROL
• Comprises the plan of organization and the procedures and records that are concerned with the
safeguarding of assets and the reliability of financial records.
• Involves systems of authorization and approval controls over assets, internal audit and all other
financial matters.
INTERNAL CONTROL SYSTEM – means all the policies and procedures (internal controls) adopted by the
management of an entity to assist in achieving management’s objective of ensuring, as far as practicable,
• Orderly and efficient conduct of its business, including adherence to management policies;
• Safeguarding of assets;
• Prevention and detection of fraud and error;
• Accuracy and completeness of the accounting records; and
• Timely preparation of reliable financial information.
From these characteristics, we can conclude that internal control system is much broader than accounting
system. It encompasses accounting system since it extends beyond those matters which relate directly to the
functions of the accounting system.
CORPORATE GOVERNANCE
• System of stewardship and control to guide organizations in fulfilling their long-term economic, moral,
legal, and social obligations towards their shareholders or members and other stakeholders.
• A system of direction, feedback, and control using regulations, performance standards, and ethical
guidelines to hold the board of directors and senior management accountable for ensuring ethical
behavior and reconciling long-term customer satisfaction with shareholder or member value to the benefit
of all stakeholders and society.
• PURPOSE – to maximize the organization’s long-term success, thereby creating sustainable value for its
shareholders/members, other stakeholders, and the nation.
ELEMENTS OBJECTIVE RESPONSIBILITY ROLES AND RESPONSIBILITIES
TCWG – exercise the corporate powers of
Those charged with
Governance Strategic control a corporation, conduct all its business,
governance
and control its properties.
Management – given the authority by the
Management
Risk Management Senior management TCWG to implement the policies it has laid
control
down in the conduct of the business.
Page | 5
Risk owners – execute daily risk
Operational
Internal control Risk owners management activities to effectively
control
address business risks
INDIRECT CONTROLS
• These controls are not sufficiently precise to prevent, detect or correct misstatements at the assertion
level
• Controls that support direct controls
• Control Environment, Entity’s Risk Assessment Process and Monitoring of Controls
DIRECT CONTROLS
• Controls that are precise enough to address risks of material misstatement at the assertion level
• Information and communication systems and Control Activities
INDIRECT CONTROLS
CONTROL ENVIRONMENT – describes a set of standards, processes and structures that provide the basis for
carrying out internal control across the organization. Control environment is the foundation of which an effective
system of internal control is built and operated in an organization.
COMPONENTS:
Elements of control environment that could be relevant when obtaining an understanding of the control
environment include the following:
OLD RULE (as per COSO Framework): (IM CPA HO)
• Communication and enforcement of Integrity and Ethical values
• Management’s philosophy and operating style
• Commitment to competence
• Participation by those charged with governance
• Assignment of authority and responsibility
• Human resources policies and procedures
• Organizational structure
The auditor shall obtain an understanding of whether the entity has a process for: (IAM)
• Identifying business risks relevant to financial reporting objectives
• Assessing the significance of risks and the likelihood of their occurrence
• Deciding how to Manage those risks
MONITORING OF CONTROLS
• Monitoring is the process of assessing the quality of internal control performance over time.
• It involves assessing the design and operations of controls on a timely basis and taking necessary
corrective actions.
• Monitoring is done to ensure that controls are present and continue to function effectively.
Page | 6
• Monitoring can be accomplished through:
✓ Ongoing monitoring activities
✓ Separate evaluations
✓ Combination of the two.
DIRECT CONTROLS
INFORMATION SYSTEM
Information is obtained or generated by management from both internal and external sources in order to support
internal control components.
An information system enables the entity to have the ability to generate timely and meaningful information. An
information system consists of:
✓ Infrastructure (physical and hardware components)
✓ Software (processes and procedures)
✓ People
✓ Input or data
✓ Output or meaningful information
COMMUNICATION
Communication involves providing an understanding of individual roles and responsibilities of the entity’s system
of internal control. The auditor gives emphasis on the communication of financial reporting roles and
responsibilities and significant matters relating to financial reporting. This includes:
✓ Between people within the entity
✓ Communications between management and those charged with governance
✓ External communications, such as those with regulatory authorities
CONTROL ACTIVITIES
Control activities are actions (generally described in policies, procedures, and standards) that help management
mitigate risks in order to ensure the achievement of objectives.
Control activities may be preventive or detective in nature and may be performed at all levels of the organization.
Page | 7
Audit Procedures Responsive to Risks of Material Misstatement at the Assertion Level
2) In designing the further audit procedures, the auditor shall:
a) Consider the reasons for the assessment given to the risk of material misstatement at the assertion
level for each class of transactions, account balance, and disclosure, including:
• The likelihood of material misstatement due to the particular characteristics of the relevant class
of transactions, account balance or disclosure (that is, the inherent risk); and
• Whether the risk assessment takes account of relevant controls (that is, the control risk), thereby
requiring the auditor to obtain audit evidence to determine whether the controls are operating
effectively (that is, the auditor intends to rely on the operating effectiveness of controls in
determining the nature, timing and extent of substantive procedures); and
b) Obtain more persuasive evidence the higher the auditor’s assessment of risk.
Timing refers to when audit procedures are performed or the period or date to which the audit evidence applies.
TESTS OF CONTROLS
1. The auditor is required to perform tests of controls when:
• The auditor’s risk assessment includes an expectation of the operating effectiveness of controls; or
• Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level.
2. Tests of the operating effectiveness of controls are performed only on those controls that the auditor has
determined are suitably designed to prevent, or detect and correct, a material misstatement in an assertion.
SUBSTANTIVE PROCEDURES
1. Substantive test procedures are performed in order to detect material misstatements at the assertion level,
and include:
• Tests of details of classes of transactions, account balances, and disclosures; and
• Substantive analytical procedures.
2. The auditor’s substantive procedures should include the following audit procedures related to the financial
statement closing process:
• Agreeing or reconciling the financial statements with the underlying accounting records; and
• Examining material journal entries and other adjustments made during the course of preparing the
financial statements.
3. The auditor should perform audit procedures to evaluate whether the overall presentation of the financial
statements, including the related disclosures, are in accordance with the applicable financial reporting
framework.
The auditor should conclude whether sufficient appropriate audit evidence has been obtained to reduce to an
acceptably low level the risk of material misstatement in the financial statements.
If the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement
assertion, the auditor shall attempt to obtain further audit evidence. If the auditor is unable to obtain further
audit evidence, the auditor shall express a qualified opinion or a disclaimer of opinion.
Page | 8
DOCUMENTATION
The auditor shall include in the audit document:
• The overall responses to address the assessed risks of material misstatement at the financial statement
level and the nature, timing, and extent of the further audit procedures;
• The linkage of those procedures with the assessed risks at the assertion level; and
• The results of the audit procedures.
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits,
the auditor should document the conclusions reached with regard to relying on such controls that were tested
in a prior audit.
The auditor’s documentation shall demonstrate that the financial statements agree or reconcile with the
underlying accounting records.
Page | 9