Page 1 of 13 AT-5910 CPA REVIEW SCHOOL OF THE PHILIPPINES M a n i l a AUDITING THEORY INTERNAL CONTROL Related PSAs/PAPSs: PSA 400, 402 and 315 The auditor should obtain an understanding of the accounting and internal control systems sufficient to plan the audit and develop an effective audit approach. Accounting system means the series of tasks and records of an entity by which transactions are processed as a means of maintaining financial records. Such systems identify, assemble, analyze, calculate, classify, record, summarize and report transactions and other events. Internal Control System means all the policies and procedures (internal controls) adopted by the management of an entity to assist in achieving management’s objective of ensuring, as far as practicable,: • orderly and efficient conduct of its business, including adherence to management policies; • safeguarding of assets; • prevention and detection of fraud and error; • accuracy and completeness of the accounting records; and • timely preparation of reliable financialinformation. The internal control system extends beyond those matters which relate directly to the functions of the accounting system. Internal Control Components (PSA 315) (a) The control environment; (b) The entity’s risk assessment process; (c) The information system, including the related business processes, relevant to financial reporting, and communication; (d) Control activities; and (e) Monitoring of controls. Control environment The control environment includes the attitudes, awareness, and actions of management and those charged with governance concerning the entity’s internal control and its importance in the entity. The control environment also includes the governance and management functions and sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for effective internal control, providing discipline and structure. The control environment encompasses the following elements: • Communication and enforcement of integrity and ethical values. • Commitment to competence. • Participation by those charged with governance. • Management’s philosophy and operating style. • Organizational structure. • Assignment of authority and responsibility. • Human resource policies and practices. Entity’s risk assessment process An entity’s risk assessment process is its process for identifying and responding to business risks and the results thereof. For financial reporting purposes, the entity’s risk assessment process includes how management identifies risks relevant to the preparation of financial statements that are presented fairly, in all material respects in accordance with the entity’s applicable financial reporting framework, estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to manage them. |