The control environment is the foundation for effective internal control, providing discipline and structure for the entity.
It sets the tone of an organisation, influencing its people's control consciousness or awareness.
The control environment addresses the governance and management functions. It also addresses the attitudes, awareness, and actions of those charged with governance and management concerning the entity’s internal control and importance.
Note: Control-environment controls are generally pervasive in nature.
They will not directly prevent or detect and correct a material misstatement. Instead, they form an important foundation upon which all other controls will be built.
Exhibit 5.3-1 outlines the various elements of the control environment that need to be considered. Note that the importance and order (priority) of these elements will inevitably vary from entity to entity.
Control environment controls will influence the auditor’s evaluation of the effectiveness of other control activities that may address specific areas such as sales and purchase transactions.
For example, suppose management has a negative attitude toward control in general. In that case, this will undermine the effectiveness of other controls (such as sales, etc.) no matter how well they were designed.
The auditor’s evaluation of the design of the entity’s control environment would include the elements set out below.
Key Elements to Address | 需要解决的关键因素
Communication and Enforcement of Integrity and Other Ethical Values
Integrity and ethical values are essential (foundational) elements which influence the effectiveness of the design, administration, and monitoring of other controls.
Commitment to Competence
Management’s consideration of the competence levels for particular jobs and how those levels translate into requisite skills and knowledge.
Participation by Those Charged with Governance
Attributes of those charged with governance, such as
Their independence from management;
Their experience and stature;
The extent of their involvement and the information they receive, the scrutiny of activities; and
The appropriateness of their actions, including the degree to which difficult questions are raised and pursued with management, and their interaction with internal and external auditors.
Management’s Philosophy and Operating Style
Management’s approach to taking and managing business risks and management’s attitudes and actions toward financial reporting, information processing, accounting functions, and personnel.
The framework within which an entity’s activities for achieving its objectives are planned, executed, controlled, and reviewed.
Assignment of Authority and Responsibility
How authority and responsibility for operating activities are assigned, and how reporting relationships and authorisation hierarchies are established.
Human Resources Policies and Practices
Recruitment, orientation, training, evaluating, counselling, promoting, compensating, and remedial actions.
The controls outlined above are pervasive to the entire entity and are often more subjective to evaluate than the traditional control activities (such as segregation of duties).
Therefore, the auditor will exercise professional judgment in this evaluation. Control-environment strengths can compensate for or even replace weak transactional controls in some situations.
However, control-environment weaknesses can undermine and even negate good design in other components of internal control.
For example, if a culture of honesty and ethical behaviour did not exist, the auditor would have to consider carefully what types of (additional) audit procedures would be effective in finding material misstatements in the financial statements.
In some cases, the auditor may conclude that internal control has broken down to such an extent that the only option is to withdraw.