The requirements and application guidance for ‘Obtaining an Understanding of the Entity and Its Environment, the Applicable Financial Reporting Framework and the Entity’s System of Internal Control’ are extensive and challenging. Experience has shown that auditors have struggled with previous requirements, particularly documentation on transaction flows and key controls. Often the problem comes about by just rolling over work done previously without an effort to revisit what had been done.
This session addresses:
- Understanding the system of internal control (Appendix 3)
- Internal control components
- Understanding an entity’s risk-assessment process
- Monitoring internal controls
- Understanding sources of information, including those beyond general and subsidiary ledgers
- Information systems and communication
- Control activities – assertions, significant risks, journals, testing the operating effectiveness, control deficiencies
- An entity’s internal audit function (Appendix 4), and
- Documentation.