Page 85 - CA Final Audit Titanium Full Book. (With Cover Pages)
P. 85
CA Ravi Taori
Methodology of Review:
- Enquiries from different organizational levels.
- Reference to documentation (procedures, manuals, etc.)
- Transactions traced to understand the accounting system.
- Assumptions that controls operate as described.
- Identify controls for future reliance.
- Different techniques used to record control information. Selection based on auditor's judgement.
Manual vs. Automated Elements:
- Entity's internal control can be manual, automated, or both.
- Manual controls suitable for:
- Large, unusual, or non-recurring transactions.
- Hard-to-predict errors.
- Changing circumstances.
- Monitoring automated controls.
- Automated and manual elements impact transaction processes.
- Entity establishes controls based on risks and system characteristics.
Control Environment:
- Sets the tone of an organization.
- Influences control consciousness of individuals.
- Encompasses governance, management functions, and attitudes.
- Addresses importance of entity's internal control.
Control Design and Implementation:
- Evaluation considers prevention and detection of material misstatements.
- Implementation indicates control usage.
- Ineffectively designed controls could lead to material weaknesses or deficiencies.
(CNO-MRI.520) Internal Control Assessment & Evaluation
➢ The quality and effectiveness of internal controls depend on the organizational environment, specifically the
tone at the top set by the Board and Executive Management. Assessing and evaluating the control
environment involves considering key components.
Following are some of the key components to assess & evaluate the controls environment.
Shortcut –Delegation leads 2 to RIS e
3
• Delegation of Financial Powers Document
o As organizations grow, delegating financial and other powers to employees becomes necessary.
o Clearly defined delegation of powers documents enable controls to operate independently of
individuals..
• Enterprise Risk Management
o An organization with a robust risk identification and mitigation process, along with regular
reviews, facilitates early detection of gaps and enables effective control measures.
o In such organizations, failures in controls are expected to be minimal.
• Information Technology based Controls
o The introduction of computers and enterprise resource planning (ERP) systems has made it easier
to incorporate controls within the system itself, reducing reliance on human factors.
o IT embedded controls are expected to have a lower failure rate, provide a better audit trail, and
are more convenient to monitor.
o For instance, in the customer invoicing stage, ensuring accurate rates and implementing credit
control can be directly managed through the IT system, thus enhancing the control environment.
www.auditguru.in 4.14