当前位置：中博教育 > ACCA > 学习指导 > ACCA AA审计的控制风险

ACCA AA审计的控制风险

文章来源：ACCA全球官网

发布时间：2021-09-26 14:10

阅读：618次

Control risk

Understanding the entity’s system of internal control

Control risk is the risk that the entity’s system of internal control will not prevent or detect and correct a misstatement on a timely basis.This can be due to weak or absent internal controls.ISA 315(Revised)sets out the components of the entity’s system of internal control.Candidates need to be familiar with the components set out in ISA 315 as AA exam questions may ask candidates to describe or explain the components of the entity’s system of internal control.【点击免费下载>>>更多ACCA学习相关资料】

企业微信截图_16326364323453.png

For further details on the components of an entity’s system of internal control refer to Appendix 3 included in ISA 315(Revised 2019).

At the planning stage of the audit,the auditor will consider whether the audit procedures will include planned reliance on the operating effectiveness of controls.Reliance on an entity’s system of internal control can reduce the level of substantive procedures the auditor performs.If the auditor does plan to test the effectiveness of the entity’s controls,this is based on the expectation that the controls are operatively effectively.

ISA 315(Revised)stresses that the auditor’s assessment of the risks is affected by their understanding of each of the components of the entity’s system of internal control.This understanding of how management identify and assess the business risks of the entity would be gained at the planning stage by discussions with management or inspecting reports or procedures.

If the auditor does not plan to test the operating effectiveness of the entity’s internal controls,ISA 315(Revised)states that in this case,the risk of material misstatement is the same as the assessment of inherent risk.In other words,if the auditor is not planning on testing the controls,they assume there are no controls present in their risk assessment.Further information on the testing of controls is covered in ISA 330.

Direct/indirect controls

Direct controls are specific controls which are precise enough to address the risk of material misstatement at the assertion level,for example,performing a monthly reconciliation of the bank account which is reviewed,and all differences are resolved.This is an example of a direct control as it ensures the existence and accuracy of the asset(bank)at the period end.

Indirect controls,such as general IT controls,are those which are not sufficiently precise to prevent,detect or correct material misstatement at the assertion level.However indirect controls may support direct controls and therefore have an indirect effect on the likelihood that a misstatement can be detected or prevented.