Updated: Dec 28, 2022
Internal control is designed, implemented, and maintained by those charged with governance and management of other personnel to address identified business and fraud risks that threaten the achievement of stated objectives, such as the reliability of financial reporting.
The auditor must understand how the entity addresses each of the five components of internal control as they relate to a financial statement audit.
These components are described in ISA 315 (Revised) paragraphs 4(c), 14-24 and A76-A117. Appendix 1 of ISA 315 (Revised) also provides further explanation of each of these components.
This understanding of internal control is required to determine control risk. The understanding is to be obtained irrespective of any decision by the auditor to test such controls as part of an audit strategy.
Note: Only internal controls relevant to the audit need to be identified, documented and assessed. A relevant control is one that addresses a risk of misstatement in the financial statements.
国际审计准则 315 (修订版)第4(c)、14-24 和 A76-A117 段对这些组成部分进行了描述。 国际审计准则 315 (修订版)附录 1 也对每个组成部分作了进一步解释。
In short, the entity's Objective is = Prepare Financial Statements that are not materially misstated.
简单来说，实体的目标是 = 编制没有重大误报的财务报表。
Internal Control Objectives | 内部控制的目的
Internal control is management’s response to mitigate an identified risk factor or achieve a control objective.
There is a direct relationship between an entity’s objectives and the internal control it implements to ensure its achievement.
Once objectives are set, it is possible to identify and assess potential events (risks) that would prevent the achievement of the objectives.
This information allows management to develop appropriate responses, including internal control design.
Internal control objectives can be broadly grouped into four categories:
Strategic, high-level goals that support the entity's mission;
Financial reporting (internal control over financial reporting);
Operations (operational controls); and
Compliance with laws and regulations.
Internal control relevant to an audit primarily pertains to financial reporting.
This addresses the entity’s objective of preparing financial statements for external purposes.
Operational controls, such as production and staff scheduling, quality control, and employee compliance with health and safety requirements, would not normally be relevant to the audit, except where:
The information produced is used to develop an analytical procedure, or
The information is required for disclosure in the financial statements.
For example, if production statistics were used as a basis for an analytical procedure, the controls to ensure the accuracy of such data would be relevant. If non-compliance with certain laws and regulations has a direct and material effect on the financial statements, the controls for detecting and reporting such non-compliance would be relevant.
Internal Control Components | 内部控制组成部分
The term “internal control” used in ISA 315 (Revised) is broader than control activities such as segregation of duties, authorisations, account reconciliations, etc.
Internal control encompasses five key components:
The control environment;
The entity’s risk assessment process;
The information system, including the related business processes relevant to financial reporting and communication;
Control activities relevant to the audit; and
Monitoring of internal control.
国际审计准则 315（修订版）中使用的 "内部控制 "一词比职责分离、授权、账户核对等控制活动更为广泛。
These components relate to the entity’s financial reporting objectives and are illustrated below.
The division of internal control into these five components provides a useful framework for auditors to understand the different aspects of an entity’s internal control system.
However, it should be noted that:
How the internal control system is designed and implemented will vary based on the entity’s size and complexity.
Smaller entities often use less formal means and simpler processes and procedures to achieve their objectives.
The five components of internal control may not be so distinguished; however, their underlying purposes are equally valid.
For example, an owner-manager may (and, in the absence of additional staff, should) perform functions belonging to several internal control components.
Different terminology or frameworks from those used in ISA 315 (Revised) can be used to describe the various aspects of internal control and their effect on the audit, but all five components are to be addressed in the audit.
The auditor’s primary consideration is whether and how a specific control prevents, detects, and corrects material misstatements in classes of transactions, account balances, or disclosures and their related assertions.
Our website's articles, templates, and material are solely for you to look over. Although we make every effort to keep the information up to date and accurate, we make no representations or warranties of any kind, either express or implied, regarding the website or the information, articles, templates, or related graphics that are contained on the website in terms of its completeness, accuracy, reliability, suitability, or availability. Therefore, any reliance on such information is strictly at your own risk.
Keep in touch with us so that you can receive timely updates |
6. LinkedIn ✍ https://www.linkedin.com/company/74734209/admin/