Page 65 - CA Inter Audit PARAM
P. 65
CA Ravi Taori
Assignment of authority and responsibility - Matters such as how authority and
responsibility for operating activities are assigned and how reporting relationships and
authorisation hierarchies are established.
Communication:
Communication and enforcement of integrity and ethical values – These are essential
elements that influence the effectiveness of the design, administration and monitoring of
controls.
➢ Division of Internal Control into Components:
The division of internal control into the following five components provides a useful framework for
auditors to consider how different aspects of an entity’s internal control may affect the audit t:
The control environment;
The entity’s risk assessment process;
Monitoring of controls.
Control activities; and
The information system, including the related business processes, relevant to financial
reporting, and communication;
➢ Satisfactory Control Environment - not an absolute deterrent to fraud:
The existence of a satisfactory control environment can be a positive factor when the
auditor assesses the risks of material misstatement. However, although it may help reduce
the risk of fraud, a satisfactory control environment is not an absolute deterrent to fraud.
Conversely, deficiencies in the control environment may undermine the effectiveness of
controls, in particular in relation to fraud.
For example, management’s failure to commit sufficient resources to address IT security
risks may adversely affect internal control by allowing improper changes to be made to
computer programs or to data, or unauthorized transactions to be processed. As explained
in SA 330, the control environment also influences the nature, timing, and extent of the
auditor’s further procedures.
The control environment in itself does not prevent, or detect and correct, a material
misstatement. It may, however, influence the auditor’s evaluation of the effectiveness of
other controls (for example, the monitoring of controls and the operation of specific
control activities) and thereby, the auditor’s assessment of the risks of material
misstatement.
Control Environment (Satisfactory) Positive but not Old Course -- (M16R/M17R/M17E/M18R/ M19R)
QNO
absolute deterrent to fraud.
ICS.05
Bhaskar CNO- SA315-P2.110
The existence of a satisfactory control environment can be a positive factor when the auditor assesses the
risks of material misstatement. Analyse and explain.
Answer ➢ Satisfactory Control Environment - not an absolute deterrent to fraud:
The existence of a satisfactory control environment can be a positive factor when the auditor
assesses the risks of material misstatement. However, although it may help reduce the risk
of fraud, a satisfactory control environment is not an absolute deterrent to fraud.
Conversely, deficiencies in the control environment may undermine the effectiveness of
controls, in particular in relation to fraud.
For example, management’s failure to commit sufficient resources to address IT security risks
may adversely affect internal control by allowing improper changes to be made to computer
programs or to data, or unauthorized transactions to be processed. As explained in SA 330,
the control environment also influences the nature, timing, and extent of the auditor’s
further procedures.
The control environment in itself does not prevent, or detect and correct, a material
misstatement. It may, however, influence the auditor’s evaluation of the effectiveness of
other controls (for example, the monitoring of controls and the operation of specific
control activities) and thereby, the auditor’s assessment of the risks of material
misstatement.
www.auditguru.in 3.20
