Page 85 - CA Final Audit Titanium Full Book. (With Cover Pages)
P. 85

CA Ravi Taori
         Methodology of Review:
         - Enquiries from different organizational levels.
         - Reference to documentation (procedures, manuals, etc.)
         - Transactions traced to understand the accounting system.
         - Assumptions that controls operate as described.
         - Identify controls for future reliance.
         - Different techniques used to record control information. Selection based on auditor's judgement.
         Manual vs. Automated Elements:
         - Entity's internal control can be manual, automated, or both.
         - Manual controls suitable for:
           - Large, unusual, or non-recurring transactions.
           - Hard-to-predict errors.
           - Changing circumstances.
           - Monitoring automated controls.
         - Automated and manual elements impact transaction processes.
         - Entity establishes controls based on risks and system characteristics.
         Control Environment:
         - Sets the tone of an organization.
         - Influences control consciousness of individuals.
         - Encompasses governance, management functions, and attitudes.
         - Addresses importance of entity's internal control.
         Control Design and Implementation:
         - Evaluation considers prevention and detection of material misstatements.
         - Implementation indicates control usage.
         - Ineffectively designed controls could lead to material weaknesses or deficiencies.

         (CNO-MRI.520) Internal Control Assessment & Evaluation
          ➢ The quality and effectiveness of internal controls depend on the organizational environment, specifically the
              tone  at  the  top  set  by  the  Board  and  Executive  Management.  Assessing  and  evaluating  the  control
              environment involves considering key components.
         Following are some of the key components to assess & evaluate the controls environment.

         Shortcut –Delegation leads 2 to RIS e
                                           3

            • Delegation of Financial Powers Document
                   o  As organizations grow, delegating financial and other powers to employees becomes necessary.
                   o  Clearly  defined  delegation  of  powers  documents  enable  controls  to  operate  independently  of
                      individuals..
            • Enterprise Risk Management
                   o  An  organization  with  a  robust  risk  identification  and  mitigation  process,  along  with  regular
                      reviews, facilitates early detection of gaps and enables effective control measures.
                   o  In such organizations, failures in controls are expected to be minimal.
            • Information Technology based Controls
                   o  The introduction of computers and enterprise resource planning (ERP) systems has made it easier
                      to incorporate controls within the system itself, reducing reliance on human factors.
                   o   IT embedded controls are expected to have a lower failure rate, provide a better audit trail, and
                      are more convenient to monitor.
                   o  For instance, in the customer invoicing stage, ensuring accurate rates and implementing credit
                      control can be directly managed through the IT system, thus enhancing the control environment.


        www.auditguru.in                                                                                         4.14
   80   81   82   83   84   85   86   87   88   89   90