people are involved in carrying out steps in some and/or all stages of a process, including performing control activities
• IT systems involved in the process record the transactions and store the data used to produce the financial statements. In addition, automated controls operate within the IT systems.
Audit & Assurance Chartered Accountants Program, Page 4-20, Core content – Unit 4

Example – Understanding the flow of a transaction in a sales process

Initiation
• The point at which a transaction begins – a triggering event
• Example: A customer calls the sales department and places an order over the phone

Recording
• The point at which the transaction is first entered into the entity's information system
• Example: A sales representative keys the customer's phone order (date, customer ID, customer name, product code, quantity, sales amount) into the sales database

Processing
• This is the broadest phase and covers any steps that need to be taken before the transaction can be reported in the general ledger
• Example: The sales database generates an 'end of day' (EOD) file containing all the sales orders entered into the database during the day, which is uploaded to the server at 10pm each night

Reporting
• The point at which the transaction is reported in the general ledger – i.e. when the journal entry is posted
• Example: The accounting system automatically records a sales journal (DR Accounts Receivable/CR Sales) using the information in each EOD file

The auditor may choose to perform a walk-through (discussed below) as part of obtaining an understanding of the flow of transactions in a process.

Required reading
ISA 315 (Revised) paras 18 and 20–21 and related application paragraphs.

Obtaining an understanding of relevant process level controls
As mentioned earlier in this unit, auditors do not need to obtain an understanding of all controls implemented by management. Their focus is on obtaining an understanding of controls relevant to the audit. The auditor uses their professional judgement in making this determination. Note, however, that whenever the auditor determines that a significant risk exists, they must evaluate the design and implementation of controls over the significant risk.

Types of process level controls
To assess which control would be most effective in addressing the identified risk, the auditor would consider the activity performed and the type of control. Controls can be categorised in many ways – for example, by their objective, their degree of dependence on IT and the nature of the control. The objective of a control relates to how the control attempts to address the risk – that is, either by preventing, or detecting and correcting, a material misstatement.