Internal audit activities may create a self review

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: deration should also be given to whether such non-assurance services should be provided only by personnel not involved in the financial statement audit engagement and with different reporting lines within the firm. 290.186A Where a financial statement audit client is a listed entity or public interest entity the firm or network firm should not accept an engagement to provide internal audit services. Provision of IT Systems Services to Financial Statement Audit Clients 290.187 The provision of services by a firm or network firm to a financial statement audit client that involve the design and implementation of financial information technology systems that are used to generate information forming part of a client’s financial statements may create a self-review threat. 290.188 The self-review threat is likely to be too significant to allow the provision of such services to a financial statement audit client unless appropriate safeguards are put in place ensuring that: (a) The audit client acknowledges its responsibility for establishing and monitoring a system of internal controls; (b) The audit client designates a competent employee, preferably within senior management, with the responsibility to make all management decisions with respect to the design and implementation of the hardware or software system; 84 By-Laws (On Professional Ethics, Conduct and Practice) of the Malaysian Institute of Accountants [Issued January 2007] PART I: BY-LAWS ON PROFESSIONAL ETHICS (c) The audit client makes all management decisions with respect to the design and implementation process; (d) The audit client evaluates the adequacy and results of the design and implementation of the system; and (e) The audit client is responsible for the operation of the system (hardware or software) and the data used or generated by the system. 290.189 Consideration should also be given to whether such non-assurance services should be provided only by personnel not involved in the financial statement audit engagement and with different reporting lines within the firm. 290.190 The provision of services by a firm, or network firm, to a financial statement audit client which involve either the design or the implementation of financial information technology systems that are used to generate information forming part of a client’s financial statements may also create a self-review threat. The significance of the threat, if any, should be evaluated and, if the threat is other than clearly insignificant, safeguards should be considered and applied as necessary to eliminate the threat or reduce it to an acceptable level. 290.191 The provision of services in connection with the assessment, design and implementation of internal accounting controls and risk management controls are not considered to create a threat to independence provided that firm or network firm personnel do not perform management functions. 290.191A Where a financial statement audit client is a listed entity or public in...
View Full Document

This document was uploaded on 09/23/2013.

Ask a homework question - tutors are online