Auditing and Assurance Standards and Guidance

Auditing Standards (Ireland)

FRC ISAs (UK and Ireland) applicable for periods beginning on or after 15 December 2010 but before 17 June 2016

ISA (UK and Ireland) 315 Identifying and assessing the risk of material misstatement through understanding the entity and its environment

ISA (UK and Ireland) 315 applicable for periods ending on or after 15 December 2010
Application and Other Explanatory Material
The Required Understanding of the Entity and Its Environment, Including the Entity's Internal Control
The Entity's Internal Control (Ref: Para. 12 )
Components of Internal Control— Control Activities (Ref: Para. 20 )
A88.Control activities are the policies and procedures that help ensure that management directives are carried out. Control activities, whether within IT or manual systems, have various objectives and are applied at various organizational and functional levels. Examples of specific control activities include those relating to the following:
 dotbulletAuthorization.
 dotbulletPerformance reviews.
 dotbulletInformation processing.
 dotbulletPhysical controls.
 dotbulletSegregation of duties.
A89.Control activities that are relevant to the audit are:
 dotbulletThose that are required to be treated as such, being control activities that relate to significant risks and those that relate to risks for which substantive procedures alone do not provide sufficient appropriate audit evidence, as required by paragraphs 29 and 30, respectively; or
 dotbulletThose that are considered to be relevant in the judgment of the auditor.
A90.The auditor's judgment about whether a control activity is relevant to the audit is influenced by the risk that the auditor has identified that may give rise to a material misstatement and whether the auditor thinks it is likely to be appropriate to test the operating effectiveness of the control in determining the extent of substantive testing.
A91.The auditor's emphasis may be on identifying and obtaining an understanding of control activities that address the areas where the auditor considers that risks of material misstatement are likely to be higher. When multiple control activities each achieve the same objective, it is unnecessary to obtain an understanding of each of the control activities related to such objective.
A92.The auditor's knowledge about the presence or absence of control activities obtained from the understanding of the other components of internal control assists the auditor in determining whether it is necessary to devote additional attention to obtaining an understanding of control activities.
Top Licence and copyright © 2018, LexisNexis Group a division of Reed Elsevier (UK) Ltd. All rights reserved.