ACCA AA Audit: Controls over the IT Environment
Source: ACCA global official website
Published: 2021-09-26 14:13

Controls over the IT environment
ISA 315 (Revised) includes enhanced auditor considerations relating to IT, including new and updated material for understanding IT and general IT controls. The auditor needs to understand how the entity processes information, and how this data is used throughout the business. There should be an understanding of the accounting records, how the information is captured and controlled and how these flow into the accounts in the financial statements.
The internal control of an entity generally benefits from the use of an IT system, for example by:
Applying consistent business rules
Performing complex or repetitive bulk calculations
Facilitating analysis of information
Improving timeliness, availability and accuracy of information
Reducing the risk that controls can be avoided and enhancing the segregation of duties.
An IT system will only be as good as the controls which support it; therefore, it is imperative that an assessment is made of the related risks of using IT and the entity’s general IT controls. General IT controls alone are not adequate, and an assessment should be made to understand how management monitor the IT controls, permissions, errors or control deficiencies across the IT environment.
Larger businesses may have fully integrated and possibly bespoke ERP (Enterprise Resource Planning) systems, whereas smaller entities are likely to have less complex, commercial software. ISA 315 (Revised) provides examples of potential issues and possible tests in Appendices 5 and 6. The need to obtain an understanding of the IT environment within an entity remains important when assessing the risk and designing the relevant audit procedures.
Manual and automation
An entity’s system of internal control will usually contain manual elements (such as authorising a purchase invoice) and automated elements (such as password-protected applications).
Automated controls are generally considered to be more reliable than manual controls because they are not easily bypassed, ignored or overridden. For example, logging into the online banking system requires a password which cannot be ignored; if the password entered is incorrect, the system will prevent access. Similarly, if a customer has not paid their invoices on time, an automated sales order processing system will prevent them from ordering further goods until they pay the overdue balance.
Detection risk
The last element of the audit risk model is detection risk, which is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will fail to detect a misstatement which exists that could be material. Candidates should keep in mind that detection risk is the only risk under the control of the auditor. Also remember that detection risk is not part of the risk of material misstatement.
Stand-back requirement
Once the auditor has obtained the required level of understanding and has identified the significant classes of transactions, account balances and disclosures, the auditor must ‘stand back’ and evaluate the audit evidence arising from their risk assessment procedures.
Once this understanding has been obtained (and throughout the audit process) the auditor must apply professional scepticism in critically evaluating the audit evidence and knowledge.
For material classes of transactions, account balances or disclosures that have not been determined as significant, the auditor is required to assess, using professional judgement, whether this determination still remains appropriate.
This requirement has been introduced into ISA 315 (Revised) to prompt the auditor to confirm the completeness of the identified risks. In other words, it requires the auditor to focus their attention on material classes of transactions, account balances and disclosures that have not been determined as significant, and to assess whether this remains the case on evaluating all of the evidence obtained from the risk assessment procedures which have been performed.
Scalability
The requirements introduced by ISA 315 (Revised) are extensive and will impact the audits of larger or more complex entities. However, there are provisions throughout the standard which allow for scalability, whereby smaller or less complex entities will involve less onerous assessments. Auditors can apply the principles in ISA 315 (Revised) to entities of different sizes and different levels of complexity within the control systems, including the IT environment.
Conclusion
Candidates must ensure that they are using up-to-date study materials which reflect the provisions of ISA 315 (Revised 2019) from the September 2021 exam session. There are a number of revisions to the standard which could be examined, and it is important that candidates have a sound awareness of the changes reflected in the revised ISA.
Written by a member of the Advanced Audit and Assurance examining team
