CA Ravi Taori
         4B. Assignment of authority and responsibility
            • Policies ensure appropriate business practices, expertise of key staff, and provision of necessary resources.
            • Communication ensures staff understands the entity’s objectives and their role in achieving them.
         4C. Organisational Structure
            •  Important for establishing clear authority, responsibility, and reporting lines.
            •  Depends on the entity's size and nature of operations.
         5. Communication and enforcement of integrity and ethical values
            • Control effectiveness relies on the integrity and ethical behaviour of individuals in charge.
            • The values are based on entity’s standards, their communication, and enforcement in practice.
            • Ethical policies and codes of conduct are communicated to staff.
            • Management actions help mitigate unethical temptations.

         (CNO-MRI.400) Entity’s Risk Assessment Process
         Identifying  Business  Risk:  Management  identifies  business  risks  relevant  to  the  preparation  of  financial
         statements following the entity's financial reporting framework.
         Significance of Risk: The significance of these identified risks is assessed by the management.
         Likelihood of Risk: The likelihood of these risks occurring is evaluated by the management.
         Management Response to Risk: Management may implement plans to address specific risks or choose to accept
         a risk due to cost or other considerations. This includes risks from external and internal events that may affect
         the entity's ability to report financial data.
         Circumstances leading to risks:
         Shortcut “PFA- TRAGIC” risk assessment
            • New Personnel: may have a different focus on or understanding of internal control.
            •  Expanded Foreign operations: carries new and often unique risks that may affect internal control such
              as risks  from foreign currency transactions.
            •  New Accounting pronouncements: Adoption of new or changing existing accounting principles may
              affect risks in preparing financial statements.
            •  New Technologies into production processes or information systems may change the risk  associated with
              internal control.
            • Changes in the Regulatory or operating environment can result in changes in competitive pressures and
              significantly different risks.
            • New business models, products, or Activities: Entering business areas or transactions with which an
              entity has little experience may introduce new risks associated with internal control.
            • Rapid Growth Significant and rapid expansion (Growth) of operations can strain controls and increase the
              risk of a breakdown in controls.
            •  New or revamped Information systems: Significant and rapid changes in information systems can
              change the risk relating to internal control.
            •  Corporate restructurings: Restructurings may be accompanied by staff reductions and changes in
              supervision and segregation of duties.

         (CNO-MRI.420) Control Activities
         (Shortcut: Prof SPI)
         Control Activities Relevant to Audit can be categorised as:
            •  Physical Controls: Controls that encompass:
               o The physical security of assets and records.
               o The authorisation for access to computer programs and data files.
               o The periodic counting and comparison with control records
            • Segregation of Duties: Assigning different people


        www.auditguru.in                                                                                         4.10