iaasb main agenda (september 2005) page 2005·1717 · pdf fileiaasb main agenda...
TRANSCRIPT
IAASB Main Agenda (September 2005) Page 2005·1717 Agenda Item
4-B.1
Prepared by: James Gunn (August 2005) Page 1 of 56
Analysis of ISA 315 and Mapping Document 1. Exhibit 1 sets out statements in ISA 315 that use the present tense to describe auditor actions,
and the proposed treatment of whether the actions should be redrafted as a requirement, or redrafted to make clear that it is explanatory material. Paragraph references to extant ISA 315 and to the redrafted ISA 315 (presented in Agenda Item 4-B) are provided.
2. Exhibit 2 sets out extant ISA 315 and maps each of its paragraphs (which may have been reworded as necessary) to the redrafted ISA 315 (Agenda Item 4-B). The highlight material indicates sentences and paragraphs that are proposed to be deleted as part of the redrafting. An explanation of the proposed deletion and other comments are provided, where appropriate.
Exhibit 1
Para Existing Present Tense Statements Change to “shall”
New Para
Rationale and Comments
Risk Assessment Procedures and Sources of Information
8 In addition, the auditor performs other audit procedures where the information obtained may be helpful in identifying risks of material misstatement.
No - Not capable of reasonable measurement of performance / does not in of itself enhance consistency. However, the extant requirement on risk assessment procedures has been changed to “should include…” to emphasize that the specified procedures are not comprehensive. See redrafted ISA 315.6.
9 …In determining others within the entity to whom inquiries may be directed, and the extent of those inquiries, the auditor considers what information may be obtained that helps the auditor in identifying risks of material misstatement.
Yes 6a Clarifies the extant requirement to inquire of others within the entity.
10 In performing analytical procedures as risk assessment procedures, the auditor develops expectations about plausible relationships that are reasonably expected to exist. … Accordingly, the auditor considers the results of such analytical procedures along with other information gathered in identifying the risks of material misstatement.
No
No
- -
Explains how to perform an analytical procedure. Explains inherent limitation of use of analytical procedures as a risk assessment procedure. Further, it is unnecessary as this consideration is implicit to the auditor’s evaluation of audit evidence (see requirements in ISA 330 and 500)
12 …The auditor makes inquiries and performs other appropriate audit procedures, such as walk-throughs of systems, to determine whether changes have occurred that may affect the relevance of such information
No - Illustrates types of procedures to be carried out. Paraphrases existing requirement.
13 When relevant to the audit, the auditor also considers other information such as that obtained from the
Yes 7 Such consideration appears appropriate in a high quality
Clarity IAASB Main Agenda (September 2005) Page 2005·1718
Agenda Item 4-B.1 Page 2 of 56
auditor’s client acceptance or continuance process or, where practicable, experience gained on other engagements performed for the entity, for example, engagements to review interim financial information.
audit.
Understanding the Entity and Its Environment 23 The industry in which the entity operates may give rise
to specific risks of material misstatement….In such cases, the auditor considers whether the engagement team includes members with sufficient relevant knowledge and experience.
No - Reflects or paraphrases a requirement already established in ISA 220 (Revised).
24 …The auditor considers whether local regulations specify certain financial reporting requirements for the industry in which the entity operates, since the financial statements may be materially misstated in the context of the applicable financial reporting framework…
No - Local regulations and requirements are now considered an integral part of the financial reporting framework and are covered by the requirements of ISA 200.
28 …The auditor also identifies financial reporting standards and regulations that are new to the entity and considers when and how the entity will adopt such requirements…. Where the entity has changed its selection of or method of applying a significant accounting policy, the auditor considers the reasons for the change and whether it is appropriate and consistent with the requirements of the applicable financial reporting framework.
No
Yes
- 10c
Reflects the existing requirement to understand the applicable financial reporting framework. Understanding management’s reasons for a change in accounting policy and the appropriateness thereof is essential to the risk assessment.
29 The auditor considers whether the entity has disclosed a particular matter appropriately in light of the circumstances and facts of which the auditor is aware at the time.
No - Reflects the requirements of ISA 700 (Revised).
39 …When the auditor intends to make use of the performance measures for the purpose of the audit (for example, for analytical procedures), the auditor considers whether the information related to management’s review of the entity’s performance provides a reliable basis and is sufficiently precise for such a purpose. If making use of performance measures, the auditor considers whether they are precise enough to detect material misstatements.
Yes - Essential in enhancing consistent and appropriate use of information obtained and achieving a high quality audit. For purposes of redrafting the ISAs, however, it is proposed that this new requirement (and its equivalent in extant para. 99) be placed as part of extant ISA 500.11. See redrafted ISA 500.
48 …It is a matter of the auditor’s professional judgment…whether a control, individually or in combination with others, is relevant to the auditor’s considerations in assessing the risks of material misstatement and designing and performing further procedures in response to assessed risks. In exercising that judgment, the auditor considers the circumstances, the applicable component and factors such as the following: • The auditor’s judgment about materiality • The size of the entity. • The nature of the entity’s business, including its
No
-
Illustrate matters the auditor considers in exercising judgment.
Clarity IAASB Main Agenda (September 2005) Page 2005·1719
Agenda Item 4-B.1 Page 3 of 56
organization and ownership characteristics. • The diversity and complexity of the entity’s
operations. • Applicable legal and regulatory requirements. • The nature and complexity of the systems that are
part of the entity’s internal control, including the use of service organizations.
54 Obtaining an understanding of internal control involves evaluating the design of a control and determining whether it has been implemented…. ….The auditor considers the design of a control in determining whether to consider its implementation.
Yes
No
13 -
Essential procedure in achieving the objective of the ISA. Explains how the [above new] requirement is conducted.
63 The extent and nature of the risks to internal control vary depending on the nature and characteristics of the entity’s information system. Therefore in understanding internal control, the auditor considers whether the entity has responded adequately to the risks arising from the use of IT or manual systems by establishing effective controls.
No - Explains how to carry out the existing requirement to understand how the entity has responded to the risks of IT. (Note: It is proposed to expand the extant requirement to understand the entity’s response to IT, to include manual systems – see redrafted ISA 315.14e)
68 …In evaluating the design of the control environment and determining whether it has been implemented, the auditor understands how management, with the oversight of those charged with governance, has created and maintained a culture of honesty and ethical behavior, and established appropriate controls to prevent and detect fraud and error within the entity.
Yes 14a Necessary to the performance of a high quality audit. Represents an essential procedure, set at the right level, in understanding the control environment.
69 In evaluating the design of the entity’s control environment, the auditor considers the following elements and how they have been incorporated into the entity’s processes: (a) Communication and enforcement of integrity
and ethical values—essential elements which influence the effectiveness of the design, administration and monitoring of controls.
(b) Commitment to competence—management’s consideration of the competence levels for particular jobs and how those levels translate into requisite skills and knowledge.
(c) Participation by those charged with governance—independence from management, their experience and stature, the extent of their involvement and scrutiny of activities, the information they receive, the degree to which difficult questions are raised and pursued with management and their interaction with internal and external auditors.
(d) Management’s philosophy and operating style—management’s approach to taking and managing business risks, and management’s attitudes and actions toward financial reporting, information processing and accounting functions and
Yes 14a Given the proportionate importance of understanding the control environment to the objectives of the ISA, it would seem appropriate to specify the elements that need to be considered. Including a requirement to consider each of the elements (i.e., the headings of (a)-(g)) would appear to be no different from the specification of the control components. [Note: An alternative view may be taken that the proposed new “should” statement from para. 68 (above) set the expectation at the right level, and that a requirement to consider each element in para. 69 may be too prescriptive and thereby result in a check-list approach to fulfilling the new requirement of para. 68.
Clarity IAASB Main Agenda (September 2005) Page 2005·1720
Agenda Item 4-B.1 Page 4 of 56
personnel. (e) Organizational structure—the framework within
which an entity’s activities for achieving its objectives are planned, executed, controlled and reviewed.
(f) Assignment of authority and responsibility—how authority and responsibility for operating activities are assigned and how reporting relationships and authorization hierarchies are established.
(g) Human resource policies and practices—recruitment, orientation, training, evaluating, counseling, promoting, compensating and remedial actions.
The IAASB is asked to advise on the recommended treatment.]
70 In understanding the control environment elements, the auditor also considers whether they have been implemented… …Ordinarily, the auditor obtains relevant audit evidence through a combination of inquiries and other risk assessment procedures, for example, corroborating inquiries through observation or inspection of documents. …The auditor determines whether controls have been implemented by considering, for example, whether management has established a formal code of conduct and whether it acts in a manner that supports the code or condones violations of, or authorizes exceptions to the code.
No
No
No
- - -
Repeats proposed new requirement – see para. 54 above. Illustrative in nature. Illustrative in nature.
72 In understanding the design of the control environment, the auditor considers such matters as the independence of the directors and their ability to evaluate the actions of management. The auditor also considers whether there is an audit committee that understands the entity’s business transactions and evaluates whether the financial statements give a true and fair view (or are presented fairly, in all material respects) in accordance with the applicable financial reporting framework.
No - Illustrative in nature. Further, a requirement for the auditor to consider the independence of directors and the existence of an audit committee may not be applicable in all jurisdictions.
73 …The auditor’s evaluation of the design of the entity’s control environment includes considering whether the strengths in the control environment elements collectively provide an appropriate foundation for the other components of internal control, and are not undermined by control environment weaknesses.
Yes 14a Essential procedure in achieving the objective of the ISA.
77 In evaluating the design and implementation of the entity’s risk assessment process, the auditor determines how management identifies business risks relevant to financial reporting, estimates the significance of the risks, assesses the likelihood of their occurrence, and decides upon actions to manage them.
Yes 14b Additional specificity in the elements of the auditor’s evaluation would assist consistency in practice. Clarifies extant requirement in para. 76.
78 The auditor inquires about business risks that Yes 14b Essential procedure in
Clarity IAASB Main Agenda (September 2005) Page 2005·1721
Agenda Item 4-B.1 Page 5 of 56
management has identified and considers whether they may result in material misstatement. During the audit, the auditor may identify risks of material misstatement that management failed to identify. In such cases, the auditor considers whether there was an underlying risk of a kind that should have been identified by the entity’s risk assessment process, and if so, why that process failed to do so and whether the process is appropriate to its circumstances. If, as a result, the auditor judges that there is a material weakness in the entity’s risk assessment process, the auditor communicates to those charged with governance as required by paragraph 120.
No
-
achieving the objective of the ISA. Reflects the extant requirements in para. 120.
79 In a smaller entity, management may not have a formal risk assessment process as described in paragraph 76. For such entities, the auditor discusses with management how risks to the business are identified by management and how they are addressed.
No - Explains the application of an existing requirement.
82 In obtaining this understanding, the auditor considers the procedures used to transfer information from transaction processing systems to general ledger or financial reporting systems. The auditor also understands the entity’s procedures to capture information relevant to financial reporting for events and conditions other than transactions, such as the depreciation and amortization of assets and changes in the recoverability of accounts receivables.
Yes
No
14c -
Considering how information is transferred to the G/L appears important in a high quality audit. Repeats, and provides an example of, the extant requirement in para. 81.
86 In obtaining an understanding, the auditor considers risks of material misstatement associated with inappropriate override of controls over journal entries and the controls surrounding non-standard journal entries. …Furthermore, the auditor maintains an awareness that when IT is used to transfer information automatically, there may be little or no visible evidence of such intervention in the information systems.
Yes
No
14c -
Important in a high quality audit, and also assist in establishing a ‘hook’ for the “should” statement of para. 76 in extant ISA 240. Explanatory in nature.
87 The auditor also understands how the incorrect processing of transactions is resolved…
Yes 14c Important in a high quality audit and in obtaining an understanding of the entity’s business processes.
88 The auditor obtains an understanding of the entity’s information system relevant to financial reporting in a manner that is appropriate to the entity’s circumstances. This includes obtaining an understanding of how transactions originate within the entity’s business processes.
No - Explains how to carry out the extant requirement in para. 81.
89 The auditor’s understanding of communication Yes 14d Essential to a high quality
Clarity IAASB Main Agenda (September 2005) Page 2005·1722
Agenda Item 4-B.1 Page 6 of 56
pertaining to financial reporting matters also includes communications between management and those charged with governance, particularly the audit committee, as well as external communications such as those with regulatory authorities.
audit.
92 The auditor considers the knowledge about the presence or absence of control activities obtained from the understanding of the other components of internal control in determining whether it is necessary to devote additional attention to obtaining an understanding of control activities. In considering whether control activities are relevant to the audit, the auditor considers the risks the auditor has identified that may give rise to material misstatement…
No - Explanatory in nature.
93 The use of IT affects the way that control activities are implemented. The auditor considers whether the entity has responded adequately to the risks arising from IT by establishing effective general IT-controls and application controls.
No - Explains how to carry out the existing requirement to understand how the entity has responded to the risks of IT.
99 …The auditor obtains an understanding of the sources of the information related to the entity’s monitoring activities, and the basis upon which management considers the information to be sufficiently reliable for the purpose. When the auditor intends to make use of the entity’s information produced for monitoring activities, such as internal auditor’s reports, the auditor considers whether the information provides a reliable basis and is sufficiently detailed for the auditor’s purpose.
Yes
Yes
14f -
Essential in obtaining an appropriate understanding of the design of monitoring activities as a component of internal control. See comment on extant para. 39 above.
Assessing the Risks of Material Misstatements 100 …For this purpose, the auditor:
• Identifies risks throughout the process of obtaining an understanding of the entity and its environment, including relevant controls that relate to the risks, and by considering the classes of transactions, account balances, and disclosures in the financial statements;
• Relates the identified risks to what can go wrong at the assertion level;
• Considers whether the risks are of a magnitude that could result in a material misstatement of the financial statements; and
• Considers the likelihood that the risks could result in a material misstatement of the financial statements.
Yes 16 Additional specificity in the elements of the auditor’s risk assessment process would assist consistency in practice. Clarifies extant requirement in para. 100.
101 The auditor uses information gathered by performing risk assessment procedures, including the audit evidence obtained in evaluating the design of controls and determining whether they have been implemented, as audit evidence to support the risk assessment. The auditor uses the risk assessment to determine the nature, timing, and extent of further audit procedures to be performed.
No - Explanatory in nature.
Clarity IAASB Main Agenda (September 2005) Page 2005·1723
Agenda Item 4-B.1 Page 7 of 56
102 The auditor determines whether the identified risks of material misstatement relate to specific classes of transactions, account balances, and disclosures and related assertions, or whether they relate more pervasively to the financial statements as a whole and potentially affect many assertions.
No - Reflect, and explains further, the extant requirements in para. 100. Primarily explanatory in nature in how to carry out that requirement.
104 ….Generally, the auditor gains an understanding of controls and relates them to assertions in the context of processes and systems in which they exist.
No - Explanatory in nature.
107 The auditor’s understanding of internal control may raise doubts about the auditability of an entity’s financial statements… … In such circumstances, the auditor considers a qualification or disclaimer of opinion, but in some cases the auditor’s only recourse may be to withdraw from the engagement
No
-
Reflects the requirements of ISA 701.
109 The determination of significant risks, which arise on most audits, is a matter for the auditor’s professional judgment. In exercising this judgment, the auditor excludes the effect of identified controls related to the risk to determine whether the nature of the risk, the likely magnitude of the potential misstatement including the possibility that the risk may give rise to multiple misstatements, and the likelihood of the risk occurring are such that they require special audit consideration…. In considering the nature of the risks, the auditor considers a number of matters, including the following: • Whether the risk is a risk of fraud. • Whether the risk is related to recent significant
economic, accounting or other developments and, therefore, requires specific attention.
• The complexity of transactions. • Whether the risk involves significant transactions
with related parties. • The degree of subjectivity in the measurement of
financial information related to the risk especially those involving a wide range of measurement uncertainty.
• Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual.
Yes
Yes
18 19
Clarifying that the auditor excludes the effect of identified controls related to the risk is essential to a consistent determination of significant risks. Remainder of the sentence is repetitive of proposed new para. 16. Essential to a consistent determination of significant risks.
113 Therefore, the auditor’s understanding of whether the entity has designed and implemented controls for such significant risks includes whether and how management responds to the risks and whether control activities such as a review of assumptions by senior management or experts, formal processes for estimations or approval by those charged with governance have been implemented to address the risks.
No - Illustrative in nature.
114 If management has not appropriately responded by implementing controls over significant risks and if, as a result, the auditor judges that there is a material
No
-
Cross references to existing requirement in para. 120.
Clarity IAASB Main Agenda (September 2005) Page 2005·1724
Agenda Item 4-B.1 Page 8 of 56
weakness in the entity’s internal control, the auditor communicates this matter to those charged with governance as required by paragraph 120. …In these circumstances, the auditor also considers the implications for the auditor’s risk assessment.
No
-
Reflects the extant requirement in ISA 330.66.
119 …In circumstances where the auditor obtains audit evidence from performing further audit procedures that tends to contradict the audit evidence on which the auditor originally based the assessment, the auditor revises the assessment and modifies the further planned audit procedures accordingly…
Yes 22 Important step in light of the cumulative and iterative nature of the audit process.
121 If the auditor identifies risks of material misstatement which the entity has either not controlled, or for which the relevant control is inadequate, or if in the auditor’s judgment there is a material weakness in the entity’s risk assessment process, then the auditor includes such internal control weaknesses in the communication of audit matters of governance interest.
Yes 4c and 23
See definition of material weakness, which would be reported to those charged with governance by virtue of extant para. 120.
Clarity IAASB Main Agenda (September 2005) Page 2005·1725
Agenda Item 4-B.1 Page 9 of 56
Other Statements
Observation and Inspection 11 Such audit procedures ordinarily include…Tracing
transactions through the information system relevant to financial reporting (walk-throughs).
Yes 6c Specifying ‘walk-throughs’ as a specific element of the “observation and inspection” risk assessment procedure would give emphasis to such procedures.
Discussion Among the Engagement Team 16 …The discussion also addresses application of the
applicable financial reporting framework to the entity’s facts and circumstances.
Yes 9 Appears to be an important clarification to the scope of matters discussed by the engagement team
17 …The key members of the engagement team are ordinarily involved in the discussion; however, it is not necessary for all team members to have a comprehensive knowledge of all aspects of the audit.
Yes 9 Appears to be an important clarification in terms of those to be involved in the discussion.
19 …there may be further discussions in order to facilitate the ongoing exchange of information between engagement team members….The purpose is for engagement team members to communicate and share information…that may affect the assessment of the risks of material misstatement due to fraud or error
Yes 9 Appears to be an important clarification to the required discussions among the engagement team
Internal Control 55 …. Inquiry alone is not sufficient to evaluate the
design of a control relevant to an audit and determine whether it has been implemented
Yes 13 Clarifying that “inquiry alone is not sufficient” is considered to be sufficiently important to the standard in terms of conveying the expected level of performance by the auditor.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·172
6
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 1
0 of
56
Map
ping
Doc
umen
t
Exh
ibit
2
Ori
gina
l ISA
315
N
ew
Para
. R
ef.
Com
men
t on
prop
osed
de
letio
n of
hig
hlig
hted
m
ater
ial a
nd o
ther
not
es.
1.
The
purp
ose
of th
is In
tern
atio
nal S
tand
ard
on A
uditi
ng (I
SA) i
s to
esta
blis
h st
anda
rds a
nd to
pro
vide
gui
danc
e on
obt
aini
ng a
n un
ders
tand
ing
of th
e en
tity
and
its e
nviro
nmen
t, in
clud
ing
its in
tern
al c
ontro
l, an
d on
ass
essi
ng th
e ris
ks o
f mat
eria
l m
isst
atem
ent i
n a
finan
cial
stat
emen
t aud
it. T
he im
porta
nce
of th
e au
dito
r’s ri
sk a
sses
smen
t as a
bas
is fo
r fur
ther
aud
it pr
oced
ures
is d
iscu
ssed
in th
e ex
plan
atio
n of
aud
it ris
k in
ISA
200
, “O
bjec
tive
and
Gen
eral
Prin
cipl
es G
over
ning
an
Aud
it of
Fi
nanc
ial S
tate
men
ts.”
1 N
ote:
Par
agra
ph h
as b
een
redr
afte
d.
2.
The
aud
itor
shou
ld o
btai
n an
und
erst
andi
ng o
f the
ent
ity a
nd it
s env
iron
men
t, in
clud
ing
its in
tern
al c
ontr
ol, s
uffic
ient
to
iden
tify
and
asse
ss th
e ri
sks o
f mat
eria
l mis
stat
emen
t of t
he fi
nanc
ial s
tate
men
ts w
heth
er d
ue to
frau
d or
err
or, a
nd
suff
icie
nt to
des
ign
and
perf
orm
furt
her
audi
t pro
cedu
res.
IS
A 5
00, “
Aud
it Ev
iden
ce,”
requ
ires t
he a
udito
r to
use
asse
rtion
s in
suffi
cien
t det
ail t
o fo
rm a
bas
is fo
r the
ass
essm
ent o
f risk
s of
mat
eria
l mis
stat
emen
t and
the
desi
gn a
nd p
erfo
rman
ce o
f fur
ther
aud
it pr
oced
ures
. Thi
s ISA
requ
ires t
he a
udito
r to
mak
e ris
k as
sess
men
ts a
t the
fina
ncia
l sta
tem
ent a
nd a
sser
tion
leve
ls ba
sed
on a
n ap
prop
riate
und
erst
andi
ng o
f the
ent
ity a
nd it
s en
viro
nmen
t, in
clud
ing
its in
tern
al c
ontro
l. IS
A 3
30, “
The A
udito
r’s P
roce
dure
s in
Res
pons
e to
Ass
esse
d R
isks
” di
scus
ses t
he
audi
tor’s
resp
onsi
bilit
y to
det
erm
ine
over
all r
espo
nses
and
to d
esig
n an
d pe
rfor
m fu
rther
aud
it pr
oced
ures
who
se n
atur
e,
timin
g, a
nd e
xten
t are
resp
onsi
ve to
the
risk
asse
ssm
ents
. The
requ
irem
ents
and
gui
danc
e of
this
ISA
are
to b
e ap
plie
d in
co
njun
ctio
n w
ith th
e re
quire
men
ts a
nd g
uida
nce
prov
ided
in o
ther
ISA
s. In
par
ticul
ar, f
urth
er g
uida
nce
in re
latio
n to
the
audi
tor’s
resp
onsi
bilit
y to
ass
ess t
he ri
sks o
f mat
eria
l mis
stat
emen
t due
to fr
aud
is d
iscu
ssed
in IS
A 2
40, “
The A
udito
r’s
Res
pons
ibili
ty to
Con
side
r Fra
ud a
nd E
rror
in a
n A
udit
of F
inan
cial
Sta
tem
ents
.”
3 N
ote:
Red
rafte
d as
obj
ectiv
es.
Cro
ss-r
efer
ence
s, as
such
, may
ex
tend
the
leng
th o
f the
stan
dard
un
nece
ssar
ily.
3.
The
follo
win
g is
an
over
view
of t
he re
quire
men
ts o
f thi
s sta
ndar
d:
• Ri
sk a
sses
smen
t pro
cedu
res a
nd so
urce
s of i
nfor
mat
ion
abou
t the
ent
ity a
nd it
s env
ironm
ent,
incl
udin
g its
inte
rnal
co
ntro
l. Th
is se
ctio
n ex
plai
ns th
e au
dit p
roce
dure
s tha
t the
aud
itor i
s req
uire
d to
per
form
to o
btai
n th
e un
ders
tand
ing
of
the
entit
y an
d its
env
ironm
ent,
incl
udin
g its
inte
rnal
con
trol (
risk
asse
ssm
ent p
roce
dure
s). I
t als
o re
quire
s dis
cuss
ion
amon
g th
e en
gage
men
t tea
m a
bout
the
susc
eptib
ility
of t
he e
ntity
’s fi
nanc
ial s
tate
men
ts to
mat
eria
l mis
stat
emen
t. •
Und
erst
andi
ng th
e en
tity
and
its e
nviro
nmen
t, in
clud
ing
its in
tern
al c
ontro
l. Th
is se
ctio
n re
quire
s the
aud
itor t
o un
ders
tand
spec
ified
asp
ects
of t
he e
ntity
and
its e
nviro
nmen
t, an
d co
mpo
nent
s of i
ts in
tern
al c
ontro
l, in
ord
er to
O
verv
iew
no
long
er n
eces
sary
as
a re
sult
of re
draf
ting.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·172
7
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 1
1 of
56
iden
tify
and
asse
ss th
e ris
ks o
f mat
eria
l mis
stat
emen
t. •
Asse
ssin
g th
e ri
sks o
f mat
eria
l mis
stat
emen
t. Th
is se
ctio
n re
quire
s the
aud
itor t
o id
entif
y an
d as
sess
the
risks
of
mat
eria
l mis
stat
emen
t at t
he fi
nanc
ial s
tate
men
t and
ass
ertio
n le
vels
. The
aud
itor:
– Id
entif
ies r
isks
by
cons
ider
ing
the
entit
y an
d its
env
ironm
ent,
incl
udin
g re
leva
nt c
ontro
ls, a
nd b
y co
nsid
erin
g th
e cl
asse
s of t
rans
actio
ns, a
ccou
nt b
alan
ces,
and
disc
losu
res i
n th
e fin
anci
al st
atem
ents
; –
Rel
ates
the
iden
tifie
d ris
ks to
wha
t can
go
wro
ng a
t the
ass
ertio
n le
vel;
and
– C
onsi
ders
the
sign
ifica
nce
and
likel
ihoo
d of
the
risks
.
This
sect
ion
also
requ
ires t
he a
udito
r to
dete
rmin
e w
heth
er a
ny o
f the
ass
esse
d ris
ks a
re si
gnifi
cant
risk
s tha
t req
uire
sp
ecia
l aud
it co
nsid
erat
ion
or ri
sks f
or w
hich
subs
tant
ive
proc
edur
es a
lone
do
not p
rovi
de su
ffici
ent a
ppro
pria
te a
udit
evid
ence
. The
aud
itor i
s req
uire
d to
eva
luat
e th
e de
sign
of t
he e
ntity
’s c
ontro
ls, i
nclu
ding
rele
vant
con
trol a
ctiv
ities
, ov
er su
ch ri
sks a
nd d
eter
min
e w
heth
er th
ey h
ave
been
impl
emen
ted.
•
Com
mun
icat
ing
with
thos
e ch
arge
d w
ith g
over
nanc
e an
d m
anag
emen
t. Th
is se
ctio
n de
als w
ith m
atte
rs re
latin
g to
in
tern
al c
ontro
l tha
t the
aud
itor c
omm
unic
ates
to th
ose
char
ged
with
gov
erna
nce
and
man
agem
ent.
• D
ocum
enta
tion.
Thi
s sec
tion
esta
blis
hes r
elat
ed d
ocum
enta
tion
requ
irem
ents
. 4.
O
btai
ning
an
unde
rsta
ndin
g of
the
entit
y an
d its
env
ironm
ent i
s an
esse
ntia
l asp
ect o
f per
form
ing
an a
udit
in a
ccor
danc
e w
ith
ISA
s. In
par
ticul
ar, t
hat u
nder
stan
ding
est
ablis
hes a
fram
e of
refe
renc
e w
ithin
whi
ch th
e au
dito
r pla
ns th
e au
dit a
nd e
xerc
ises
pr
ofes
sion
al ju
dgm
ent a
bout
ass
essi
ng ri
sks o
f mat
eria
l mis
stat
emen
t of t
he fi
nanc
ial s
tate
men
ts a
nd re
spon
ding
to th
ose
risks
th
roug
hout
the
audi
t, fo
r exa
mpl
e w
hen:
•
Esta
blis
hing
mat
eria
lity
and
eval
uatin
g w
heth
er th
e ju
dgm
ent a
bout
mat
eria
lity
rem
ains
app
ropr
iate
as t
he a
udit
prog
ress
es;
• C
onsi
derin
g th
e ap
prop
riate
ness
of t
he se
lect
ion
and
appl
icat
ion
of a
ccou
ntin
g po
licie
s, an
d th
e ad
equa
cy o
f fin
anci
al
stat
emen
t dis
clos
ures
; •
Iden
tifyi
ng a
reas
whe
re sp
ecia
l aud
it co
nsid
erat
ion
may
be
nece
ssar
y, fo
r exa
mpl
e, re
late
d pa
rty tr
ansa
ctio
ns, t
he
appr
opria
tene
ss o
f man
agem
ent’s
use
of t
he g
oing
con
cern
ass
umpt
ion,
or c
onsi
derin
g th
e bu
sine
ss p
urpo
se o
f tra
nsac
tions
; •
Dev
elop
ing
expe
ctat
ions
for u
se w
hen
perf
orm
ing
anal
ytic
al p
roce
dure
s;
• D
esig
ning
and
per
form
ing
furth
er a
udit
proc
edur
es to
redu
ce a
udit
risk
to a
n ac
cept
ably
low
leve
l; an
d
• Ev
alua
ting
the
suffi
cien
cy a
nd a
ppro
pria
tene
ss o
f aud
it ev
iden
ce o
btai
ned,
such
as t
he a
ppro
pria
tene
ss o
f ass
umpt
ions
an
d of
man
agem
ent’s
ora
l and
writ
ten
repr
esen
tatio
ns.
A1
Unn
eces
sary
stat
emen
t.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·172
8
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 1
2 of
56
5.
The
audi
tor u
ses p
rofe
ssio
nal j
udgm
ent t
o de
term
ine
the
exte
nt o
f the
und
erst
andi
ng re
quire
d of
the
entit
y an
d its
env
ironm
ent,
incl
udin
g its
inte
rnal
cont
rol.
The a
udito
r’s p
rimar
y co
nsid
erat
ion
is w
heth
er th
e und
erst
andi
ng th
at h
as b
een
obta
ined
is su
ffici
ent
to a
sses
s the
risk
s of m
ater
ial m
isst
atem
ent o
f the
fina
ncia
l sta
tem
ents
and
to d
esig
n an
d pe
rfor
m fu
rther
aud
it pr
oced
ures
.1 The
de
pth
of th
e ove
rall
unde
rsta
ndin
g th
at is
requ
ired
by th
e aud
itor i
n pe
rfor
min
g th
e aud
it is
less
than
that
pos
sess
ed b
y m
anag
emen
t in
man
agin
g th
e en
tity.
A3
Not
e: S
econ
d se
nten
ce h
as b
een
redr
afte
d.
Ris
k A
sses
smen
t Pro
cedu
res a
nd S
ourc
es o
f Inf
orm
atio
n A
bout
the
Ent
ity a
nd It
s Env
iron
men
t, In
clud
ing
Its I
nter
nal
Con
trol
6.
O
btai
ning
an
unde
rsta
ndin
g of
the
entit
y an
d its
env
ironm
ent,
incl
udin
g its
inte
rnal
con
trol,
is a
con
tinuo
us, d
ynam
ic p
roce
ss
of g
athe
ring,
upd
atin
g an
d an
alyz
ing
info
rmat
ion
thro
ugho
ut th
e au
dit.
As d
escr
ibed
in IS
A 5
00, a
udit
proc
edur
es to
obt
ain
an u
nder
stan
ding
are
refe
rred
to a
s “ris
k as
sess
men
t pro
cedu
res”
bec
ause
so
me
of th
e in
form
atio
n ob
tain
ed b
y pe
rfor
min
g su
ch p
roce
dure
s may
be
used
by
the
audi
tor a
s aud
it ev
iden
ce to
supp
ort
asse
ssm
ents
of t
he ri
sks o
f mat
eria
l mis
stat
emen
t.
I
n ad
ditio
n, in
per
form
ing
risk
asse
ssm
ent p
roce
dure
s, th
e au
dito
r may
obt
ain
audi
t evi
denc
e ab
out c
lass
es o
f tra
nsac
tions
, ac
coun
t bal
ance
s, or
dis
clos
ures
and
rela
ted
asse
rtion
s and
abo
ut th
e op
erat
ing
effe
ctiv
enes
s of c
ontro
ls, e
ven
thou
gh su
ch
audi
t pro
cedu
res w
ere
not s
peci
fical
ly p
lann
ed a
s sub
stan
tive
proc
edur
es o
r as t
ests
of c
ontro
ls. T
he a
udito
r als
o m
ay c
hoos
e to
per
form
subs
tant
ive
proc
edur
es o
r tes
ts o
f con
trols
con
curr
ently
with
risk
ass
essm
ent p
roce
dure
s bec
ause
it is
effi
cien
t to
do so
.
A1 5
and
A2
A2
RISK
ASS
ESSM
ENT
PRO
CED
URE
S
7.
The
aud
itor
shou
ld p
erfo
rm th
e fo
llow
ing
risk
ass
essm
ent p
roce
dure
s to
obta
in a
n un
ders
tand
ing
of th
e en
tity
and
its
envi
ronm
ent,
incl
udin
g its
inte
rnal
con
trol
: (a
) In
quir
ies o
f man
agem
ent a
nd o
ther
s with
in th
e en
tity;
(b
) A
naly
tical
pro
cedu
res;
and
(c
) O
bser
vatio
n an
d in
spec
tion.
Th
e au
dito
r is n
ot re
quire
d to
per
form
all
the
risk
asse
ssm
ent p
roce
dure
s des
crib
ed a
bove
for e
ach
aspe
ct o
f the
und
erst
andi
ng
desc
ribed
in p
arag
raph
20.
How
ever
, all
the
risk
asse
ssm
ent p
roce
dure
s are
per
form
ed b
y th
e au
dito
r in
the
cour
se o
f ob
tain
ing
the
requ
ired
unde
rsta
ndin
g.
6a-c
A
5
Not
e: L
ead-
in s
ente
nce
has
been
re
draf
ted.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·172
9
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 1
3 of
56
8.
In a
dditi
on, t
he a
udito
r per
form
s oth
er a
udit
proc
edur
es w
here
the
info
rmat
ion
obta
ined
may
be
help
ful i
n id
entif
ying
risk
s of
mat
eria
l mis
stat
emen
t. F
or e
xam
ple,
the
audi
tor m
ay c
onsi
der m
akin
g in
quiri
es o
f the
ent
ity’s
ext
erna
l leg
al c
ouns
el o
r of
valu
atio
n ex
perts
that
the
entit
y ha
s use
d. R
evie
win
g in
form
atio
n ob
tain
ed fr
om e
xter
nal s
ourc
es su
ch a
s rep
orts
by
anal
ysts
, ba
nks,
or ra
ting
agen
cies
; tra
de a
nd e
cono
mic
jour
nals
; or r
egul
ator
y or
fina
ncia
l pub
licat
ions
may
als
o be
use
ful i
n ob
tain
ing
info
rmat
ion
abou
t the
ent
ity.
6 an
d
A10
N
ote:
Par
agra
ph h
as b
een
redr
afte
d sl
ight
ly.
9.
Alth
ough
muc
h of
the
info
rmat
ion
the
audi
tor o
btai
ns b
y in
quiri
es c
an b
e ob
tain
ed fr
om m
anag
emen
t and
thos
e re
spon
sibl
e fo
r fin
anci
al re
porti
ng, i
nqui
ries o
f oth
ers w
ithin
the
entit
y, su
ch a
s pro
duct
ion
and
inte
rnal
aud
it pe
rson
nel,
and
othe
r em
ploy
ees w
ith d
iffer
ent l
evel
s of a
utho
rity,
may
be
usef
ul in
pro
vidi
ng th
e au
dito
r with
a d
iffer
ent p
ersp
ectiv
e in
iden
tifyi
ng
risks
of m
ater
ial m
isst
atem
ent.
In
det
erm
inin
g ot
hers
with
in th
e en
tity
to w
hom
inqu
iries
may
be
dire
cted
, and
the
exte
nt o
f tho
se in
quiri
es, t
he a
udito
r co
nsid
ers w
hat i
nfor
mat
ion
may
be
obta
ined
that
hel
ps th
e au
dito
r in
iden
tifyi
ng ri
sks o
f mat
eria
l mis
stat
emen
t.
For e
xam
ple:
•
Inqu
iries
dire
cted
tow
ards
thos
e ch
arge
d w
ith g
over
nanc
e m
ay h
elp
the
audi
tor u
nder
stan
d th
e en
viro
nmen
t in
whi
ch
the
finan
cial
stat
emen
ts a
re p
repa
red.
•
Inqu
iries
dire
cted
tow
ard
inte
rnal
aud
it pe
rson
nel m
ay re
late
to th
eir a
ctiv
ities
con
cern
ing
the
desi
gn a
nd e
ffect
iven
ess
of th
e en
tity’
s int
erna
l con
trol a
nd w
heth
er m
anag
emen
t has
satis
fact
orily
resp
onde
d to
any
find
ings
from
thes
e ac
tiviti
es.
• In
quiri
es o
f em
ploy
ees i
nvol
ved
in in
itiat
ing,
pro
cess
ing
or re
cord
ing
com
plex
or u
nusu
al tr
ansa
ctio
ns m
ay h
elp
the
audi
tor i
n ev
alua
ting
the
appr
opria
tene
ss o
f the
sele
ctio
n an
d ap
plic
atio
n of
cer
tain
acc
ount
ing
polic
ies.
• In
quiri
es d
irect
ed to
war
d in
-hou
se le
gal c
ouns
el m
ay re
late
to su
ch m
atte
rs a
s liti
gatio
n, c
ompl
ianc
e w
ith la
ws a
nd
regu
latio
ns, k
now
ledg
e of
frau
d or
susp
ecte
d fr
aud
affe
ctin
g th
e en
tity,
war
rant
ies,
post
-sal
es o
blig
atio
ns, a
rran
gem
ents
(s
uch
as jo
int v
entu
res)
with
bus
ines
s par
tner
s and
the
mea
ning
of c
ontra
ct te
rms.
• In
quiri
es d
irect
ed to
war
ds m
arke
ting
or sa
les p
erso
nnel
may
rela
te to
cha
nges
in th
e en
tity’
s mar
ketin
g st
rate
gies
, sal
es
trend
s, or
con
tract
ual a
rran
gem
ents
with
its c
usto
mer
s.
A6
6a
A6
Not
e: P
arag
raph
has
bee
n re
draf
ted
slig
htly
.
10.
Ana
lytic
al p
roce
dure
s may
be
help
ful i
n id
entif
ying
the
exis
tenc
e of
unu
sual
tran
sact
ions
or e
vent
s, an
d am
ount
s, ra
tios,
and
trend
s tha
t mig
ht in
dica
te m
atte
rs th
at h
ave
finan
cial
stat
emen
t and
aud
it im
plic
atio
ns. I
n pe
rfor
min
g an
alyt
ical
pro
cedu
res a
s ris
k as
sess
men
t pro
cedu
res,
the
audi
tor d
evel
ops e
xpec
tatio
ns a
bout
pla
usib
le re
latio
nshi
ps th
at a
re re
ason
ably
exp
ecte
d to
A7
Rep
etiti
ve o
f ISA
520
.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·173
0
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 1
4 of
56
exis
t. W
hen
com
paris
on o
f tho
se e
xpec
tatio
ns w
ith re
cord
ed a
mou
nts o
r rat
ios d
evel
oped
from
reco
rded
am
ount
s yie
lds
unus
ual o
r une
xpec
ted
rela
tions
hips
, the
aud
itor c
onsi
ders
thos
e re
sults
in id
entif
ying
risk
s of m
ater
ial m
isst
atem
ent.
How
ever
, whe
n su
ch a
naly
tical
pro
cedu
res u
se d
ata
aggr
egat
ed a
t a h
igh
leve
l (w
hich
is o
ften
the
situ
atio
n), t
he re
sults
of
thos
e an
alyt
ical
pro
cedu
res o
nly
prov
ide
a br
oad
initi
al in
dica
tion
abou
t whe
ther
a m
ater
ial m
isst
atem
ent m
ay e
xist
. A
ccor
ding
ly, t
he a
udito
r con
side
rs th
e re
sults
of s
uch
anal
ytic
al p
roce
dure
s alo
ng w
ith o
ther
info
rmat
ion
gath
ered
in
iden
tifyi
ng th
e ris
ks o
f mat
eria
l mis
stat
emen
t. Se
e IS
A 5
20, “
Ana
lytic
al P
roce
dure
s” fo
r add
ition
al g
uida
nce
on th
e us
e of
an
alyt
ical
pro
cedu
res.
A8
Not
e: P
enul
timat
e se
nten
ce h
as
been
redr
afte
d.
11.
Obs
erva
tion
and
insp
ectio
n m
ay su
ppor
t inq
uirie
s of m
anag
emen
t and
oth
ers,
and
also
pro
vide
info
rmat
ion
abou
t the
ent
ity
and
its e
nviro
nmen
t. Su
ch a
udit
proc
edur
es o
rdin
arily
incl
ude
the
follo
win
g:
• O
bser
vatio
n of
ent
ity a
ctiv
ities
and
ope
ratio
ns.
• In
spec
tion
of d
ocum
ents
(suc
h as
bus
ines
s pla
ns a
nd st
rate
gies
), re
cord
s, an
d in
tern
al c
ontro
l man
uals
. •
Rea
ding
repo
rts p
repa
red
by m
anag
emen
t (su
ch a
s qua
rterly
man
agem
ent r
epor
ts a
nd in
terim
fina
ncia
l sta
tem
ents
) and
th
ose
char
ged
with
gov
erna
nce
(suc
h as
min
utes
of b
oard
of d
irect
ors’
mee
tings
).
• V
isits
to th
e en
tity’
s pre
mis
es a
nd p
lant
faci
litie
s. •
Trac
ing
trans
actio
ns th
roug
h th
e in
form
atio
n sy
stem
rele
vant
to fi
nanc
ial r
epor
ting
(wal
k-th
roug
hs).
A9
6c
12.
Whe
n th
e au
dito
r in
tend
s to
use
info
rmat
ion
abou
t the
ent
ity a
nd it
s env
iron
men
t obt
aine
d in
pri
or p
erio
ds, t
he
audi
tor
shou
ld d
eter
min
e w
heth
er c
hang
es h
ave
occu
rred
that
may
aff
ect t
he r
elev
ance
of s
uch
info
rmat
ion
in th
e cu
rren
t aud
it. F
or c
ontin
uing
eng
agem
ents
, the
aud
itor’s
pre
viou
s exp
erie
nce
with
the
entit
y co
ntrib
utes
to th
e un
ders
tand
ing
of th
e en
tity.
For
exa
mpl
e, a
udit
proc
edur
es p
erfo
rmed
in p
revi
ous a
udits
ord
inar
ily p
rovi
de a
udit
evid
ence
abo
ut th
e en
tity’
s or
gani
zatio
nal s
truct
ure,
bus
ines
s and
con
trols
, as w
ell a
s inf
orm
atio
n ab
out p
ast m
isst
atem
ents
and
whe
ther
or n
ot th
ey w
ere
corr
ecte
d on
a ti
mel
y ba
sis,
whi
ch a
ssis
ts th
e au
dito
r in
asse
ssin
g ris
ks o
f mat
eria
l mis
stat
emen
t in
the
curr
ent a
udit.
How
ever
, su
ch in
form
atio
n m
ay h
ave
been
rend
ered
irre
leva
nt b
y ch
ange
s in
the
entit
y or
its e
nviro
nmen
t. T
he a
udito
r mak
es in
quiri
es
and
perf
orm
s oth
er a
ppro
pria
te a
udit
proc
edur
es, s
uch
as w
alk-
thro
ughs
of s
yste
ms,
to d
eter
min
e w
heth
er c
hang
es h
ave
occu
rred
that
may
affe
ct th
e re
leva
nce
of su
ch in
form
atio
n.
8 an
d A
11
A12
Not
e:
Firs
t pa
rt of
bo
ld
type
se
nten
ce h
as b
een
redr
afte
d sl
ight
ly.
Not
e: R
emai
nder
of
the
para
grap
h ha
s bee
n re
draf
ted.
13.
Whe
n re
leva
nt to
the
audi
t, th
e au
dito
r als
o co
nsid
ers o
ther
info
rmat
ion
such
as t
hat o
btai
ned
from
the
audi
tor’s
clie
nt
acce
ptan
ce o
r con
tinua
nce
proc
ess o
r, w
here
pra
ctic
able
, exp
erie
nce
gain
ed o
n ot
her e
ngag
emen
ts p
erfo
rmed
for t
he e
ntity
, for
ex
ampl
e, e
ngag
emen
ts to
revi
ew in
terim
fina
ncia
l inf
orm
atio
n.
7
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·173
1
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 1
5 of
56
DIS
CU
SSIO
N A
MO
NG
TH
E EN
GAG
EMEN
T TE
AM
14.
The
mem
bers
of t
he e
ngag
emen
t tea
m sh
ould
dis
cuss
the
susc
eptib
ility
of t
he e
ntity
’s fi
nanc
ial s
tate
men
ts to
mat
eria
l m
isst
atem
ents
.
9
15.
The
obje
ctiv
e of
this
dis
cuss
ion
is fo
r mem
bers
of t
he e
ngag
emen
t tea
m to
gai
n a
bette
r und
erst
andi
ng o
f the
pot
entia
l for
m
ater
ial m
isst
atem
ents
of t
he fi
nanc
ial s
tate
men
ts re
sulti
ng fr
om fr
aud
or e
rror
in th
e sp
ecifi
c ar
eas a
ssig
ned
to th
em, a
nd to
un
ders
tand
how
the
resu
lts o
f the
aud
it pr
oced
ures
that
they
per
form
may
affe
ct o
ther
asp
ects
of t
he a
udit
incl
udin
g th
e de
cisi
ons a
bout
the
natu
re, t
imin
g, a
nd e
xten
t of f
urth
er a
udit
proc
edur
es.
9
16.
The
disc
ussi
on p
rovi
des a
n op
portu
nity
for m
ore
expe
rienc
ed e
ngag
emen
t tea
m m
embe
rs, i
nclu
ding
the
enga
gem
ent p
artn
er,
to sh
are
thei
r ins
ight
s bas
ed o
n th
eir k
now
ledg
e of
the
entit
y, a
nd fo
r the
team
mem
bers
to e
xcha
nge
info
rmat
ion
abou
t the
bu
sine
ss ri
sks t
o w
hich
the
entit
y is
subj
ect a
nd a
bout
how
and
whe
re th
e fin
anci
al st
atem
ents
mig
ht b
e su
scep
tible
to m
ater
ial
mis
stat
emen
t. A
s req
uire
d by
ISA
240
, par
ticul
ar e
mph
asis
is g
iven
to th
e su
scep
tibili
ty o
f the
ent
ity’s
fina
ncia
l sta
tem
ents
to
mat
eria
l mis
stat
emen
t due
to fr
aud.
The
disc
ussi
on a
lso
addr
esse
s app
licat
ion
of th
e ap
plic
able
fina
ncia
l rep
ortin
g fr
amew
ork
to th
e en
tity’
s fac
ts a
nd c
ircum
stan
ces.
A13
9
Not
e: F
irst t
wo
sent
ence
s hav
e bee
n re
draf
ted
slig
htly
.
17.
Prof
essi
onal
judg
men
t is u
sed
to d
eter
min
e w
hich
mem
bers
of t
he e
ngag
emen
t tea
m a
re in
clud
ed in
the
disc
ussi
on, h
ow a
nd
whe
n it
occu
rs, a
nd th
e ex
tent
of t
he d
iscu
ssio
n. T
he k
ey m
embe
rs o
f the
eng
agem
ent t
eam
are
ord
inar
ily in
volv
ed in
the
disc
ussi
on; h
owev
er, i
t is n
ot n
eces
sary
for a
ll te
am m
embe
rs to
hav
e a
com
preh
ensi
ve k
now
ledg
e of
all
aspe
cts o
f the
aud
it.
The
exte
nt o
f the
dis
cuss
ion
is in
fluen
ced
by th
e ro
les,
expe
rienc
e, a
nd in
form
atio
n ne
eds o
f the
eng
agem
ent t
eam
mem
bers
. In
a m
ulti-
loca
tion
audi
t, fo
r exa
mpl
e, th
ere
may
be
mul
tiple
dis
cuss
ions
that
invo
lve
the
key
mem
bers
of t
he e
ngag
emen
t te
am in
eac
h si
gnifi
cant
loca
tion.
Ano
ther
fact
or to
con
side
r in
plan
ning
the
disc
ussi
ons i
s whe
ther
to in
clud
e ex
perts
ass
igne
d to
the
enga
gem
ent t
eam
. For
exa
mpl
e, th
e au
dito
r may
det
erm
ine
that
incl
udin
g a
prof
essi
onal
pos
sess
ing
spec
ialis
t in
form
atio
n te
chno
logy
(IT)
or o
ther
skill
s is n
eede
d on
the
enga
gem
ent t
eam
and
ther
efor
e in
clud
es th
at in
divi
dual
in th
e di
scus
sion
.
9 A14
Not
e: P
arag
raph
has
bee
n re
draf
ted.
18.
As r
equi
red
by IS
A 2
00, t
he a
udito
r pla
ns a
nd p
erfo
rms t
he a
udit
with
an
attit
ude
of p
rofe
ssio
nal s
kept
icis
m.
T
he d
iscu
ssio
n am
ong
the
enga
gem
ent t
eam
mem
bers
em
phas
izes
the
need
to m
aint
ain
prof
essi
onal
skep
ticis
m th
roug
hout
the
enga
gem
ent,
to b
e al
ert f
or in
form
atio
n or
oth
er c
ondi
tions
that
indi
cate
that
a m
ater
ial m
isst
atem
ent d
ue to
frau
d or
err
or m
ay
Rep
etiti
ve o
f ISA
200
. Es
sent
ially
co
vere
d by
pr
opos
ed
new
re
quire
men
ts
and
rela
ted
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·173
2
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 1
6 of
56
have
occ
urre
d, a
nd to
be
rigor
ous i
n fo
llow
ing
up o
n su
ch in
dica
tions
.
guid
ance
in re
draf
ted
ISA
315
.9 an
d A
13, r
espe
ctiv
ely.
Als
o co
vere
d by
lis
t of
con
side
ratio
ns i
nclu
ded
in
redr
afte
d IS
A 2
40.A
31.
19
. D
epen
ding
on
the
circ
umst
ance
s of t
he a
udit,
ther
e m
ay b
e fu
rther
dis
cuss
ions
in o
rder
to fa
cilit
ate
the
ongo
ing
exch
ange
of
info
rmat
ion
betw
een
enga
gem
ent t
eam
mem
bers
rega
rdin
g th
e su
scep
tibili
ty o
f the
ent
ity’s
fina
ncia
l sta
tem
ents
to m
ater
ial
mis
stat
emen
ts. T
he p
urpo
se is
for e
ngag
emen
t tea
m m
embe
rs to
com
mun
icat
e an
d sh
are
info
rmat
ion
obta
ined
thro
ugho
ut th
e au
dit t
hat m
ay a
ffect
the
asse
ssm
ent o
f the
risk
s of m
ater
ial m
isst
atem
ent d
ue to
frau
d or
err
or o
r the
aud
it pr
oced
ures
pe
rfor
med
to a
ddre
ss th
e ris
ks.
9 N
ote:
Par
agra
ph h
as b
een
redr
afte
d.
Und
erst
andi
ng th
e E
ntity
and
Its E
nvir
onm
ent,
Incl
udin
g It
s Int
erna
l Con
trol
20.
The
audi
tor’s
und
erst
andi
ng o
f the
ent
ity a
nd it
s env
ironm
ent c
onsi
sts o
f an
unde
rsta
ndin
g of
the
follo
win
g as
pect
s:
(a)
Indu
stry
, reg
ulat
ory,
and
oth
er e
xter
nal f
acto
rs, i
nclu
ding
the
appl
icab
le fi
nanc
ial r
epor
ting
fram
ewor
k.
(b)
Nat
ure
of th
e en
tity,
incl
udin
g th
e en
tity’
s sel
ectio
n an
d ap
plic
atio
n of
acc
ount
ing
polic
ies.
(c)
Obj
ectiv
es a
nd st
rate
gies
and
the
rela
ted
busi
ness
risk
s tha
t may
resu
lt in
a m
ater
ial m
isst
atem
ent o
f the
fina
ncia
l st
atem
ents
. (d
) M
easu
rem
ent a
nd re
view
of t
he e
ntity
’s fi
nanc
ial p
erfo
rman
ce.
(e)
Inte
rnal
con
trol.
A
ppen
dix
1 co
ntai
ns e
xam
ples
of m
atte
rs th
at th
e au
dito
r may
con
side
r in
obta
inin
g an
und
erst
andi
ng o
f the
ent
ity a
nd it
s en
viro
nmen
t rel
atin
g to
cat
egor
ies (
a) th
roug
h (d
) abo
ve. A
ppen
dix
2 co
ntai
ns a
det
aile
d ex
plan
atio
n of
the
inte
rnal
con
trol
com
pone
nts.
O
verv
iew
no
long
er n
eces
sary
as
a re
sult
of re
draf
ting.
21.
The
natu
re, t
imin
g, a
nd e
xten
t of t
he ri
sk a
sses
smen
t pro
cedu
res p
erfo
rmed
dep
end
on th
e ci
rcum
stan
ces o
f the
eng
agem
ent
such
as t
he si
ze a
nd c
ompl
exity
of t
he e
ntity
and
the
audi
tor’s
exp
erie
nce
with
it. I
n ad
ditio
n, id
entif
ying
sign
ifica
nt c
hang
es
in a
ny o
f the
abo
ve a
spec
ts o
f the
ent
ity fr
om p
rior p
erio
ds is
par
ticul
arly
impo
rtant
in g
aini
ng a
suffi
cien
t und
erst
andi
ng o
f th
e en
tity
to id
entif
y an
d as
sess
risk
s of m
ater
ial m
isst
atem
ent.
A11
Unn
eces
sary
stat
emen
t.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·173
3
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 1
7 of
56
I ND
UST
RY,
REG
ULA
TORY
AN
D
OTH
ER
EXTE
RNAL
FA
CTO
RS,
INC
LUD
ING
TH
E AP
PLIC
ABLE
FI
NAN
CIA
L RE
PORT
ING
FR
AMEW
ORK
22.
The
aud
itor
shou
ld o
btai
n an
und
erst
andi
ng o
f rel
evan
t ind
ustr
y, r
egul
ator
y, a
nd o
ther
ext
erna
l fac
tors
incl
udin
g th
e ap
plic
able
fina
ncia
l rep
ortin
g fr
amew
ork.
Th
ese
fact
ors i
nclu
de in
dust
ry c
ondi
tions
such
as t
he c
ompe
titiv
e en
viro
nmen
t, su
pplie
r and
cus
tom
er re
latio
nshi
ps, a
nd
tech
nolo
gica
l dev
elop
men
ts; t
he re
gula
tory
env
ironm
ent e
ncom
pass
ing,
am
ong
othe
r mat
ters
, the
app
licab
le fi
nanc
ial
repo
rting
fram
ewor
k, th
e le
gal a
nd p
oliti
cal e
nviro
nmen
t, an
d en
viro
nmen
tal r
equi
rem
ents
affe
ctin
g th
e in
dust
ry a
nd th
e en
tity;
and
oth
er e
xter
nal f
acto
rs su
ch a
s gen
eral
eco
nom
ic c
ondi
tions
. See
ISA
250
, “C
onsi
dera
tion
of L
aws a
nd R
egul
atio
ns
in a
n A
udit
of F
inan
cial
Sta
tem
ents
” fo
r add
ition
al re
quire
men
ts re
late
d to
the
lega
l and
regu
lato
ry fr
amew
ork
appl
icab
le to
th
e en
tity
and
the
indu
stry
.
10a
A15
A
17
A19
23.
The
indu
stry
in w
hich
the
entit
y op
erat
es m
ay g
ive
rise
to sp
ecifi
c ris
ks o
f mat
eria
l mis
stat
emen
t aris
ing
from
the
natu
re o
f the
bu
sine
ss o
r the
deg
ree
of re
gula
tion.
For
exa
mpl
e, lo
ng-te
rm c
ontra
cts m
ay in
volv
e si
gnifi
cant
est
imat
es o
f rev
enue
s and
cos
ts
that
giv
e ris
e to
risk
s of m
ater
ial m
isst
atem
ent.
In su
ch c
ases
, the
aud
itor c
onsi
ders
whe
ther
the
enga
gem
ent t
eam
incl
udes
m
embe
rs w
ith su
ffici
ent r
elev
ant k
now
ledg
e an
d ex
perie
nce.
A16
N
ote:
La
st
sent
ence
ha
s be
en
redr
afte
d.
24.
Legi
slat
ive
and
regu
lato
ry re
quire
men
ts o
ften
dete
rmin
e th
e ap
plic
able
fina
ncia
l rep
ortin
g fr
amew
ork
to b
e us
ed b
y m
anag
emen
t in
prep
arin
g th
e en
tity’
s fin
anci
al st
atem
ents
. In
mos
t cas
es, t
he a
pplic
able
fina
ncia
l rep
ortin
g fr
amew
ork
will
be
that
of t
he ju
risdi
ctio
n in
whi
ch th
e en
tity
is re
gist
ered
or o
pera
tes a
nd th
e au
dito
r is b
ased
, and
the
audi
tor a
nd th
e en
tity
will
ha
ve a
com
mon
und
erst
andi
ng o
f tha
t fra
mew
ork.
In so
me
case
s the
re m
ay b
e no
loca
l fin
anci
al re
porti
ng fr
amew
ork,
in
whi
ch c
ase
the
entit
y’s c
hoic
e w
ill b
e go
vern
ed b
y lo
cal p
ract
ice,
indu
stry
pra
ctic
e, u
ser n
eeds
, or o
ther
fact
ors.
For e
xam
ple,
th
e en
tity’
s com
petit
ors m
ay a
pply
Inte
rnat
iona
l Fin
anci
al R
epor
ting
Stan
dard
s (IF
RS)
and
the
entit
y m
ay d
eter
min
e th
at
IFR
S ar
e al
so a
ppro
pria
te fo
r its
fina
ncia
l rep
ortin
g re
quire
men
ts.
Th
e au
dito
r con
side
rs w
heth
er lo
cal r
egul
atio
ns sp
ecify
cer
tain
fina
ncia
l rep
ortin
g re
quire
men
ts fo
r the
indu
stry
in w
hich
the
entit
y op
erat
es, s
ince
the
finan
cial
stat
emen
ts m
ay b
e m
ater
ially
mis
stat
ed in
the
cont
ext o
f the
app
licab
le fi
nanc
ial r
epor
ting
fram
ewor
k if
man
agem
ent f
ails
to p
repa
re th
e fin
anci
al st
atem
ents
in a
ccor
danc
e w
ith su
ch re
gula
tions
.
-
Cov
ered
by
ISA
200
and
700
.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·173
4
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 1
8 of
56
NAT
URE
OF
THE
ENTI
TY
25.
The
aud
itor
shou
ld o
btai
n an
und
erst
andi
ng o
f the
nat
ure
of th
e en
tity.
The
nat
ure
of a
n en
tity
refe
rs to
the
entit
y’s
oper
atio
ns, i
ts o
wne
rshi
p an
d go
vern
ance
, the
type
s of i
nves
tmen
ts th
at it
is m
akin
g an
d pl
ans t
o m
ake,
the
way
that
the
entit
y is
stru
ctur
ed a
nd h
ow it
is fi
nanc
ed. A
n un
ders
tand
ing
of th
e na
ture
of a
n en
tity
enab
les t
he a
udito
r to
unde
rsta
nd th
e cl
asse
s of
tran
sact
ions
, acc
ount
bal
ance
s, an
d di
sclo
sure
s to
be e
xpec
ted
in th
e fin
anci
al st
atem
ents
.
10b
Not
e: F
irst
and
seco
nd s
ente
nces
ha
ve b
een
com
bine
d an
d re
draf
ted.
26.
The
entit
y m
ay h
ave
a co
mpl
ex st
ruct
ure
with
subs
idia
ries o
r oth
er c
ompo
nent
s in
mul
tiple
loca
tions
. In
addi
tion
to th
e di
fficu
lties
of c
onso
lidat
ion
in su
ch c
ases
, oth
er is
sues
with
com
plex
stru
ctur
es th
at m
ay g
ive
rise
to ri
sks o
f mat
eria
l m
isst
atem
ent i
nclu
de: t
he a
lloca
tion
of g
oodw
ill to
bus
ines
s seg
men
ts, a
nd it
s im
pairm
ent;
whe
ther
inve
stm
ents
are
join
t ve
ntur
es, s
ubsi
diar
ies,
or in
vest
men
ts ac
coun
ted
for u
sing
the
equi
ty m
etho
d; a
nd w
heth
er sp
ecia
l-pur
pose
ent
ities
are
ac
coun
ted
for a
ppro
pria
tely
.
A21
N
ote:
Pa
ragr
aph
has
been
re
draf
ted.
27.
An
unde
rsta
ndin
g of
the
owne
rshi
p an
d re
latio
ns b
etw
een
owne
rs a
nd o
ther
peo
ple
or e
ntiti
es is
als
o im
porta
nt in
det
erm
inin
g w
heth
er re
late
d pa
rty tr
ansa
ctio
ns h
ave
been
iden
tifie
d an
d ac
coun
ted
for a
ppro
pria
tely
. ISA
550
, “R
elat
ed P
artie
s” p
rovi
des
addi
tiona
l gui
danc
e on
the
audi
tor’s
con
side
ratio
ns re
leva
nt to
rela
ted
parti
es.
A21
28.
The
aud
itor
shou
ld o
btai
n an
und
erst
andi
ng o
f the
ent
ity’s
sele
ctio
n an
d ap
plic
atio
n of
acc
ount
ing
polic
ies a
nd
cons
ider
whe
ther
they
are
app
ropr
iate
for
its b
usin
ess a
nd c
onsi
sten
t with
the
appl
icab
le fi
nanc
ial r
epor
ting
fram
ewor
k an
d ac
coun
ting
polic
es u
sed
in th
e re
leva
nt in
dust
ry.
Th
e un
ders
tand
ing
enco
mpa
sses
the
met
hods
the
entit
y us
es to
acc
ount
for s
igni
fican
t and
unu
sual
tran
sact
ions
; the
effe
ct o
f si
gnifi
cant
acc
ount
ing
polic
ies i
n co
ntro
vers
ial o
r em
ergi
ng a
reas
for w
hich
ther
e is
a la
ck o
f aut
horit
ativ
e gu
idan
ce o
r co
nsen
sus;
and
cha
nges
in th
e en
tity’
s acc
ount
ing
polic
ies.
The
audi
tor a
lso
iden
tifie
s fin
anci
al re
porti
ng st
anda
rds a
nd
regu
latio
ns th
at a
re n
ew to
the
entit
y an
d co
nsid
ers w
hen
and
how
the
entit
y w
ill a
dopt
such
requ
irem
ents
. W
here
the
entit
y ha
s cha
nged
its s
elec
tion
of o
r met
hod
of a
pply
ing
a si
gnifi
cant
acc
ount
ing
polic
y, th
e au
dito
r con
side
rs th
e re
ason
s for
the
chan
ge a
nd w
heth
er it
is a
ppro
pria
te a
nd c
onsi
sten
t with
the
requ
irem
ents
of t
he a
pplic
able
fina
ncia
l rep
ortin
g fr
amew
ork.
10c
A24
10
c
Not
e: B
old
type
sen
tenc
e ha
s be
en
redr
afte
d.
29.
The
pres
enta
tion
of fi
nanc
ial s
tate
men
ts in
con
form
ity w
ith th
e ap
plic
able
fina
ncia
l rep
ortin
g fr
amew
ork
incl
udes
ade
quat
e
Cov
ered
by
ISA
700
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·173
5
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 1
9 of
56
disc
losu
re o
f mat
eria
l mat
ters
. The
se m
atte
rs re
late
to th
e fo
rm, a
rran
gem
ent,
and
cont
ent o
f the
fina
ncia
l sta
tem
ents
and
thei
r ap
pend
ed n
otes
, inc
ludi
ng, f
or e
xam
ple,
the
term
inol
ogy
used
, the
am
ount
of d
etai
l giv
en, t
he c
lass
ifica
tion
of it
ems i
n th
e st
atem
ents
, and
the
basi
s of a
mou
nts s
et fo
rth. T
he a
udito
r con
side
rs w
heth
er th
e en
tity
has d
iscl
osed
a p
artic
ular
mat
ter
appr
opria
tely
in li
ght o
f the
circ
umst
ance
s and
fact
s of w
hich
the
audi
tor i
s aw
are
at th
e tim
e.
OBJ
ECTI
VES
AND
STR
ATEG
IES
AND
REL
ATED
BU
SIN
ESS
RISK
S
30.
The
aud
itor
shou
ld o
btai
n an
und
erst
andi
ng o
f the
ent
ity’s
obj
ectiv
es a
nd st
rate
gies
, and
the
rela
ted
busi
ness
ris
ks th
at
may
res
ult i
n m
ater
ial m
isst
atem
ent o
f the
fina
ncia
l sta
tem
ents
. Th
e en
tity
cond
ucts
its b
usin
ess i
n th
e co
ntex
t of i
ndus
try, r
egul
ator
y an
d ot
her i
nter
nal a
nd e
xter
nal f
acto
rs. T
o re
spon
d to
th
ese
fact
ors,
the
entit
y’s m
anag
emen
t or t
hose
cha
rged
with
gov
erna
nce
defin
e ob
ject
ives
, whi
ch a
re th
e ov
eral
l pla
ns fo
r the
en
tity.
Stra
tegi
es a
re th
e op
erat
iona
l app
roac
hes b
y w
hich
man
agem
ent i
nten
ds to
ach
ieve
its o
bjec
tives
.
Bus
ines
s ris
ks re
sult
from
sign
ifica
nt c
ondi
tions
, eve
nts,
circ
umst
ance
s, ac
tions
or i
nact
ions
that
cou
ld a
dver
sely
affe
ct th
e en
tity’
s abi
lity
to a
chie
ve it
s obj
ectiv
es a
nd e
xecu
te it
s stra
tegi
es, o
r thr
ough
the
setti
ng o
f ina
ppro
pria
te o
bjec
tives
and
st
rate
gies
.
Ju
st a
s the
ext
erna
l env
ironm
ent c
hang
es, t
he c
ondu
ct o
f the
ent
ity’s
bus
ines
s is a
lso
dyna
mic
and
the
entit
y’s s
trate
gies
and
ob
ject
ives
cha
nge
over
tim
e.
10d
A25
4a
A
25
31.
Bus
ines
s ris
k is
bro
ader
than
the
risk
of m
ater
ial m
isst
atem
ent o
f the
fina
ncia
l sta
tem
ents
, tho
ugh
it in
clud
es th
e la
tter.
Bus
ines
s ris
k pa
rticu
larly
may
aris
e fr
om c
hang
e or
com
plex
ity, t
houg
h a
failu
re to
reco
gniz
e th
e ne
ed fo
r cha
nge
may
als
o gi
ve ri
se to
risk
. Cha
nge
may
aris
e, fo
r exa
mpl
e, fr
om th
e de
velo
pmen
t of n
ew p
rodu
cts t
hat m
ay fa
il; fr
om a
n in
adeq
uate
m
arke
t, ev
en if
succ
essf
ully
dev
elop
ed; o
r fro
m fl
aws t
hat m
ay re
sult
in li
abili
ties a
nd re
puta
tiona
l ris
k.
A
n un
ders
tand
ing
of b
usin
ess r
isks
incr
ease
s the
like
lihoo
d of
iden
tifyi
ng ri
sks o
f mat
eria
l mis
stat
emen
t. H
owev
er, t
he a
udito
r do
es n
ot h
ave
a re
spon
sibi
lity
to id
entif
y or
ass
ess a
ll bu
sine
ss ri
sks.
A26
10
d
32.
Mos
t bus
ines
s ris
ks w
ill e
vent
ually
hav
e fin
anci
al c
onse
quen
ces a
nd, t
here
fore
, an
effe
ct o
n th
e fin
anci
al st
atem
ents
. H
owev
er, n
ot a
ll bu
sine
ss ri
sks g
ive
rise
to ri
sks o
f mat
eria
l mis
stat
emen
t.
10d
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·173
6
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 2
0 of
56
A
bus
ines
s ris
k m
ay h
ave
an im
med
iate
con
sequ
ence
for t
he ri
sk o
f mis
stat
emen
t for
cla
sses
of t
rans
actio
ns, a
ccou
nt b
alan
ces,
and
disc
losu
res a
t the
ass
ertio
n le
vel o
r the
fina
ncia
l sta
tem
ents
as a
who
le. F
or e
xam
ple,
the
busi
ness
risk
aris
ing
from
a
cont
ract
ing
cust
omer
bas
e du
e to
indu
stry
con
solid
atio
n m
ay in
crea
se th
e ris
k of
mis
stat
emen
t ass
ocia
ted
with
the
valu
atio
n of
re
ceiv
able
s. H
owev
er, t
he sa
me
risk,
par
ticul
arly
in c
ombi
natio
n w
ith a
con
tract
ing
econ
omy,
may
als
o ha
ve a
long
er-te
rm
cons
eque
nce,
whi
ch th
e au
dito
r con
side
rs w
hen
asse
ssin
g th
e ap
prop
riate
ness
of t
he g
oing
con
cern
ass
umpt
ion.
The
aud
itor’s
co
nsid
erat
ion
of w
heth
er a
bus
ines
s ris
k m
ay re
sult
in m
ater
ial m
isst
atem
ent i
s, th
eref
ore,
mad
e in
ligh
t of t
he e
ntity
’s
circ
umst
ance
s. Ex
ampl
es o
f con
ditio
ns a
nd e
vent
s tha
t may
indi
cate
risk
s of m
ater
ial m
isst
atem
ent a
re g
iven
in A
ppen
dix
3.
A28
N
ote:
Pen
ultim
ate s
ente
nces
as b
een
reda
fted.
33.
Usu
ally
man
agem
ent i
dent
ifies
bus
ines
s ris
ks a
nd d
evel
ops a
ppro
ache
s to
addr
ess t
hem
. Suc
h a
risk
asse
ssm
ent p
roce
ss is
par
t of
inte
rnal
con
trol a
nd is
dis
cuss
ed in
par
agra
phs 7
6 to
79.
34
. Sm
alle
r ent
ities
ofte
n do
not
set t
heir
obje
ctiv
es a
nd st
rate
gies
, or m
anag
e th
e re
late
d bu
sine
ss ri
sks,
thro
ugh
form
al p
lans
or
proc
esse
s. In
man
y ca
ses t
here
may
be
no d
ocum
enta
tion
of su
ch m
atte
rs. I
n su
ch e
ntiti
es, t
he a
udito
r’s u
nder
stan
ding
is
ordi
naril
y ob
tain
ed th
roug
h in
quiri
es o
f man
agem
ent a
nd o
bser
vatio
n of
how
the
entit
y re
spon
ds to
such
mat
ters
.
A29
A
110
MEA
SURE
MEN
T AN
D R
EVIE
W O
F TH
E EN
TITY
’S F
INAN
CIA
L PE
RFO
RMAN
CE
35.
The
aud
itor
shou
ld o
btai
n an
und
erst
andi
ng o
f the
mea
sure
men
t and
rev
iew
of t
he e
ntity
’s fi
nanc
ial p
erfo
rman
ce.
Perf
orm
ance
mea
sure
s and
thei
r rev
iew
indi
cate
to th
e au
dito
r asp
ects
of t
he e
ntity
’s p
erfo
rman
ce th
at m
anag
emen
t and
oth
ers
cons
ider
to b
e of
impo
rtanc
e. P
erfo
rman
ce m
easu
res,
whe
ther
ext
erna
l or i
nter
nal,
crea
te p
ress
ures
on
the
entit
y th
at, i
n tu
rn,
may
mot
ivat
e m
anag
emen
t to
take
act
ion
to im
prov
e th
e bu
sine
ss p
erfo
rman
ce o
r to
mis
stat
e th
e fin
anci
al st
atem
ents
. O
btai
ning
an
unde
rsta
ndin
g of
the
entit
y’s p
erfo
rman
ce m
easu
res a
ssis
ts th
e au
dito
r in
cons
ider
ing
whe
ther
such
pre
ssur
es
resu
lt in
man
agem
ent a
ctio
ns th
at m
ay h
ave
incr
ease
d th
e ris
ks o
f mat
eria
l mis
stat
emen
t.
10e
A30
10
e
Not
e:
Firs
t se
nten
ce
has
been
re
draf
ted.
36.
Man
agem
ent’s
mea
sure
men
t and
revi
ew o
f the
ent
ity’s
fina
ncia
l per
form
ance
is to
be
dist
ingu
ishe
d fr
om th
e m
onito
ring
of
cont
rols
(dis
cuss
ed a
s a c
ompo
nent
of i
nter
nal c
ontro
l in
para
grap
hs 9
6-99
), th
ough
thei
r pur
pose
s may
ove
rlap.
Mon
itorin
g of
con
trols
, how
ever
, is s
peci
fical
ly c
once
rned
with
the
effe
ctiv
e op
erat
ion
of in
tern
al c
ontro
l thr
ough
con
side
ratio
n of
in
form
atio
n ab
out t
he c
ontro
l. Th
e m
easu
rem
ent a
nd re
view
of p
erfo
rman
ce is
dire
cted
at w
heth
er b
usin
ess p
erfo
rman
ce is
A31
N
ote:
Pa
ragr
aph
has
been
re
draf
ted.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·173
7
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 2
1 of
56
mee
ting
the
obje
ctiv
es se
t by
man
agem
ent (
or th
ird p
artie
s), b
ut in
som
e ca
ses p
erfo
rman
ce in
dica
tors
als
o pr
ovid
e in
form
atio
n th
at e
nabl
es m
anag
emen
t to
iden
tify
defic
ienc
ies i
n in
tern
al c
ontro
l.
37.
Inte
rnal
ly-g
ener
ated
info
rmat
ion
used
by
man
agem
ent f
or th
is p
urpo
se m
ay in
clud
e ke
y pe
rfor
man
ce in
dica
tors
(fin
anci
al a
nd
non-
finan
cial
), bu
dget
s, va
rianc
e an
alys
is, s
egm
ent i
nfor
mat
ion
and
divi
sion
al, d
epar
tmen
tal o
r oth
er le
vel p
erfo
rman
ce
repo
rts, a
nd c
ompa
rison
s of a
n en
tity’
s per
form
ance
with
that
of c
ompe
titor
s. Ex
tern
al p
artie
s may
als
o m
easu
re a
nd re
view
th
e en
tity’
s fin
anci
al p
erfo
rman
ce. F
or e
xam
ple,
ext
erna
l inf
orm
atio
n su
ch a
s ana
lyst
s’ re
ports
and
cre
dit r
atin
g ag
ency
repo
rts
may
pro
vide
info
rmat
ion
usef
ul to
the
audi
tor’s
und
erst
andi
ng o
f the
ent
ity a
nd it
s env
ironm
ent.
Such
repo
rts o
ften
are
obta
ined
from
the
entit
y be
ing
audi
ted.
A32
-A
33
Not
e:
Para
grap
h ha
s be
en
redr
afte
d.
38.
Inte
rnal
mea
sure
s may
hig
hlig
ht u
nexp
ecte
d re
sults
or t
rend
s req
uirin
g m
anag
emen
t’s in
quiry
of o
ther
s in
orde
r to
dete
rmin
e th
eir c
ause
and
take
cor
rect
ive
actio
n (in
clud
ing,
in so
me
case
s, th
e de
tect
ion
and
corr
ectio
n of
mis
stat
emen
ts o
n a
timel
y ba
sis)
. Per
form
ance
mea
sure
s may
als
o in
dica
te to
the
audi
tor a
risk
of m
isst
atem
ent o
f rel
ated
fina
ncia
l sta
tem
ent
info
rmat
ion.
For
exa
mpl
e, p
erfo
rman
ce m
easu
res m
ay in
dica
te th
at th
e en
tity
has u
nusu
ally
rapi
d gr
owth
or p
rofit
abili
ty w
hen
com
pare
d to
that
of o
ther
ent
ities
in th
e sa
me
indu
stry
. Suc
h in
form
atio
n, p
artic
ular
ly if
com
bine
d w
ith o
ther
fact
ors s
uch
as
perf
orm
ance
-bas
ed b
onus
or i
ncen
tive
rem
uner
atio
n, m
ay in
dica
te th
e po
tent
ial r
isk
of m
anag
emen
t bia
s in
the
prep
arat
ion
of
the
finan
cial
stat
emen
ts.
A34
39.
Muc
h of
the
info
rmat
ion
used
in p
erfo
rman
ce m
easu
rem
ent m
ay b
e pr
oduc
ed b
y th
e en
tity’
s inf
orm
atio
n sy
stem
. If
man
agem
ent a
ssum
es th
at d
ata
used
for r
evie
win
g th
e en
tity’
s per
form
ance
are
acc
urat
e w
ithou
t hav
ing
a ba
sis f
or th
at
assu
mpt
ion,
err
ors m
ay e
xist
in th
e in
form
atio
n, p
oten
tially
lead
ing
man
agem
ent t
o in
corr
ect c
oncl
usio
ns a
bout
per
form
ance
. W
hen
the
audi
tor i
nten
ds to
mak
e us
e of
the
perf
orm
ance
mea
sure
s for
the
purp
ose
of th
e au
dit (
for e
xam
ple,
for a
naly
tical
pr
oced
ures
), th
e au
dito
r con
side
rs w
heth
er th
e in
form
atio
n re
late
d to
man
agem
ent’s
revi
ew o
f the
ent
ity’s
per
form
ance
pr
ovid
es a
relia
ble
basi
s and
is su
ffici
ently
pre
cise
for s
uch
a pu
rpos
e. If
mak
ing
use
of p
erfo
rman
ce m
easu
res,
the
audi
tor
cons
ider
s whe
ther
they
are
pre
cise
eno
ugh
to d
etec
t mat
eria
l mis
stat
emen
ts.
- To
be
posi
tione
d in
red
rafte
d IS
A
500.
40
Smal
ler e
ntiti
es o
rdin
arily
do
not h
ave
form
al p
roce
sses
to m
easu
re a
nd re
view
the
entit
y’s f
inan
cial
per
form
ance
. M
anag
emen
t nev
erth
eles
s ofte
n re
lies o
n ce
rtain
key
indi
cato
rs w
hich
kno
wle
dge
and
expe
rienc
e of
the
busi
ness
sugg
est a
re
relia
ble
base
s for
eva
luat
ing
finan
cial
per
form
ance
and
taki
ng a
ppro
pria
te a
ctio
n.
A11
1
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·173
8
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 2
2 of
56
I NTE
RNAL
CO
NTR
OL
41.
The
aud
itor
shou
ld o
btai
n an
und
erst
andi
ng o
f int
erna
l con
trol
rel
evan
t to
the
audi
t.
The
audi
tor u
ses t
he u
nder
stan
ding
of i
nter
nal c
ontro
l to
iden
tify
type
s of p
oten
tial m
isst
atem
ents
, con
side
r fac
tors
that
affe
ct
the
risks
of m
ater
ial m
isst
atem
ent,
and
desi
gn th
e na
ture
, tim
ing,
and
ext
ent o
f fur
ther
aud
it pr
oced
ures
. Int
erna
l con
trol
rele
vant
to th
e au
dit i
s dis
cuss
ed in
par
agra
phs 4
7-53
bel
ow. I
n ad
ditio
n, th
e de
pth
of th
e un
ders
tand
ing
is d
iscu
ssed
in
para
grap
hs 5
4-56
bel
ow.
11
42.
Inte
rnal
con
trol i
s the
pro
cess
des
igne
d an
d ef
fect
ed b
y th
ose
char
ged
with
gov
erna
nce,
man
agem
ent,
and
othe
r per
sonn
el to
pr
ovid
e re
ason
able
ass
uran
ce a
bout
the
achi
evem
ent o
f the
ent
ity’s
obj
ectiv
es w
ith re
gard
to re
liabi
lity
of fi
nanc
ial r
epor
ting,
ef
fect
iven
ess a
nd e
ffici
ency
of o
pera
tions
and
com
plia
nce
with
app
licab
le la
ws a
nd re
gula
tions
. It f
ollo
ws t
hat i
nter
nal c
ontro
l is
des
igne
d an
d im
plem
ente
d to
add
ress
iden
tifie
d bu
sine
ss ri
sks t
hat t
hrea
ten
the
achi
evem
ent o
f any
of t
hese
obj
ectiv
es.
A36
43.
Inte
rnal
con
trol,
as d
iscu
ssed
in th
is IS
A, c
onsi
sts o
f the
follo
win
g co
mpo
nent
s:
(a)
The
cont
rol e
nviro
nmen
t. (b
) Th
e en
tity’
s ris
k as
sess
men
t pro
cess
. (c
) Th
e in
form
atio
n sy
stem
, inc
ludi
ng th
e re
late
d bu
sine
ss p
roce
sses
, rel
evan
t to
finan
cial
repo
rting
, and
com
mun
icat
ion.
(d
) C
ontro
l act
iviti
es.
(e)
Mon
itorin
g of
con
trols
. A
ppen
dix
2 co
ntai
ns a
det
aile
d di
scus
sion
of t
he in
tern
al c
ontro
l com
pone
nts.
O
verv
iew
no
long
er n
eces
sary
as a
re
sult
of re
draf
ting.
44.
The
divi
sion
of i
nter
nal c
ontro
l int
o th
e fiv
e co
mpo
nent
s pro
vide
s a u
sefu
l fra
mew
ork
for a
udito
rs to
con
side
r how
diff
eren
t as
pect
s of a
n en
tity’
s int
erna
l con
trol m
ay a
ffect
the
audi
t. Th
e di
visi
on d
oes n
ot n
eces
saril
y re
flect
how
an
entit
y co
nsid
ers
and
impl
emen
ts in
tern
al c
ontro
l.
A
lso,
the
audi
tor’s
prim
ary
cons
ider
atio
n is
whe
ther
, and
how
, a sp
ecifi
c co
ntro
l pre
vent
s, or
det
ects
and
cor
rect
s, m
ater
ial
mis
stat
emen
ts in
cla
sses
of t
rans
actio
ns, a
ccou
nt b
alan
ces,
or d
iscl
osur
es, a
nd th
eir r
elat
ed a
sser
tions
, rat
her t
han
its
clas
sific
atio
n in
to a
ny p
artic
ular
com
pone
nt.
A
ccor
ding
ly, a
udito
rs m
ay u
se d
iffer
ent t
erm
inol
ogy
or fr
amew
orks
to d
escr
ibe
the
vario
us a
spec
ts o
f int
erna
l con
trol,
and
thei
r effe
ct o
n th
e au
dit t
han
thos
e us
ed in
this
ISA
, pro
vide
d al
l the
com
pone
nts d
escr
ibed
in th
is IS
A a
re a
ddre
ssed
.
A40
12
&
A40
A
40
Not
e: A
40 in
clud
es th
e la
st p
art o
f th
e se
nten
ce.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·173
9
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 2
3 of
56
45.
The
way
in w
hich
inte
rnal
con
trol i
s des
igne
d an
d im
plem
ente
d va
ries w
ith a
n en
tity’
s siz
e an
d co
mpl
exity
.
Spe
cific
ally
, sm
alle
r ent
ities
may
use
less
form
al m
eans
and
sim
pler
pro
cess
es a
nd p
roce
dure
s to
achi
eve
thei
r obj
ectiv
es. F
or
exam
ple,
smal
ler e
ntiti
es w
ith a
ctiv
e m
anag
emen
t inv
olve
men
t in
the
finan
cial
repo
rting
pro
cess
may
not
hav
e ex
tens
ive
desc
riptio
ns o
f acc
ount
ing
proc
edur
es o
r det
aile
d w
ritte
n po
licie
s. Fo
r som
e en
titie
s, in
par
ticul
ar v
ery
smal
l ent
ities
, the
ow
ner-m
anag
er m
ay p
erfo
rm fu
nctio
ns w
hich
in a
larg
er e
ntity
wou
ld b
e re
gard
ed a
s bel
ongi
ng to
seve
ral o
f the
com
pone
nts
of in
tern
al c
ontro
l. Th
eref
ore,
the
com
pone
nts o
f int
erna
l con
trol m
ay n
ot b
e cl
early
dis
tingu
ishe
d w
ithin
smal
ler e
ntiti
es, b
ut
thei
r und
erly
ing
purp
oses
are
equ
ally
val
id.
A36
/ A
112
A11
2
46.
For t
he p
urpo
ses o
f thi
s ISA
, the
term
“in
tern
al c
ontro
l” e
ncom
pass
es a
ll fiv
e co
mpo
nent
s of i
nter
nal c
ontro
l sta
ted
abov
e. In
ad
ditio
n, th
e te
rm “
cont
rols
” re
fers
to o
ne o
r mor
e of
the
com
pone
nts,
or a
ny a
spec
t the
reof
.
4b
Con
trols
Rel
evan
t to
the A
udit
47.
Ther
e is
a d
irect
rela
tions
hip
betw
een
an e
ntity
’s o
bjec
tives
and
the
cont
rols
it im
plem
ents
to p
rovi
de re
ason
able
ass
uran
ce
abou
t the
ir ac
hiev
emen
t. Th
e en
tity’
s obj
ectiv
es, a
nd th
eref
ore
cont
rols
, rel
ate
to fi
nanc
ial r
epor
ting,
ope
ratio
ns a
nd
com
plia
nce;
how
ever
, not
all
of th
ese
obje
ctiv
es a
nd c
ontro
ls a
re re
leva
nt to
the
audi
tor’s
risk
ass
essm
ent.
A48
48.
Ord
inar
ily, c
ontro
ls th
at a
re re
leva
nt to
an
audi
t per
tain
to th
e en
tity’
s obj
ectiv
e of
pre
parin
g fin
anci
al st
atem
ents
for e
xter
nal
purp
oses
that
giv
e a
true
and
fair
view
(or a
re p
rese
nted
fairl
y, in
all
mat
eria
l res
pect
s) in
acc
orda
nce
with
the
appl
icab
le
finan
cial
repo
rting
fram
ewor
k an
d th
e m
anag
emen
t of r
isk
that
may
giv
e ris
e to
a m
ater
ial m
isst
atem
ent i
n th
ose
finan
cial
st
atem
ents
. It
is a
mat
ter o
f the
aud
itor’s
pro
fess
iona
l jud
gmen
t, su
bjec
t to
the
requ
irem
ents
of t
his I
SA, w
heth
er a
con
trol,
indi
vidu
ally
or
in c
ombi
natio
n w
ith o
ther
s, is
rele
vant
to th
e au
dito
r’s c
onsi
dera
tions
in a
sses
sing
the
risks
of m
ater
ial m
isst
atem
ent a
nd
desi
gnin
g an
d pe
rfor
min
g fu
rther
pro
cedu
res i
n re
spon
se to
ass
esse
d ris
ks.
In e
xerc
isin
g th
at ju
dgm
ent,
the
audi
tor c
onsi
ders
th
e ci
rcum
stan
ces,
the
appl
icab
le c
ompo
nent
and
fact
ors s
uch
as th
e fo
llow
ing:
•
The
audi
tor’s
judg
men
t abo
ut m
ater
ialit
y.
• Th
e si
ze o
f the
ent
ity.
• Th
e na
ture
of t
he e
ntity
’s b
usin
ess,
incl
udin
g its
org
aniz
atio
n an
d ow
ners
hip
char
acte
ristic
s. •
The
dive
rsity
and
com
plex
ity o
f the
ent
ity’s
ope
ratio
ns.
12
A49
Unn
eces
sary
repe
titio
n.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·174
0
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 2
4 of
56
• A
pplic
able
lega
l and
regu
lato
ry re
quire
men
ts.
• Th
e na
ture
and
com
plex
ity o
f the
syst
ems t
hat a
re p
art o
f the
ent
ity’s
inte
rnal
con
trol,
incl
udin
g th
e us
e of
serv
ice
orga
niza
tions
.
49.
Con
trols
ove
r the
com
plet
enes
s and
acc
urac
y of
info
rmat
ion
prod
uced
by
the
entit
y m
ay a
lso
be re
leva
nt to
the
audi
t if t
he
audi
tor i
nten
ds to
mak
e us
e of
the
info
rmat
ion
in d
esig
ning
and
per
form
ing
furth
er p
roce
dure
s. Th
e au
dito
r’s p
revi
ous
expe
rienc
e w
ith th
e en
tity
and
info
rmat
ion
obta
ined
in u
nder
stan
ding
the
entit
y an
d its
env
ironm
ent a
nd th
roug
hout
the
audi
t as
sist
s the
aud
itor i
n id
entif
ying
con
trols
rele
vant
to th
e au
dit.
Furth
er, a
lthou
gh in
tern
al c
ontro
l app
lies t
o th
e en
tire
entit
y or
to
any
of i
ts o
pera
ting
units
or b
usin
ess p
roce
sses
, an
unde
rsta
ndin
g of
inte
rnal
con
trol r
elat
ing
to e
ach
of th
e en
tity’
s op
erat
ing
units
and
bus
ines
s pro
cess
es m
ay n
ot b
e re
leva
nt to
the
audi
t.
A50
A
52
Rep
etiti
ve a
nd u
nnec
essa
ry.
50.
Con
trols
rela
ting
to o
pera
tions
and
com
plia
nce
obje
ctiv
es m
ay, h
owev
er, b
e re
leva
nt to
an
audi
t if t
hey
perta
in to
dat
a th
e au
dito
r eva
luat
es o
r use
s in
appl
ying
aud
it pr
oced
ures
. For
exa
mpl
e, c
ontro
ls p
erta
inin
g to
non
-fin
anci
al d
ata
that
the
audi
tor
uses
in a
naly
tical
pro
cedu
res,
such
as p
rodu
ctio
n st
atis
tics,
or c
ontro
ls p
erta
inin
g to
det
ectin
g no
n-co
mpl
ianc
e w
ith la
ws a
nd
regu
latio
ns th
at m
ay h
ave
a di
rect
and
mat
eria
l effe
ct o
n th
e fin
anci
al st
atem
ents
, suc
h as
con
trols
ove
r com
plia
nce
with
in
com
e ta
x la
ws a
nd re
gula
tions
use
d to
det
erm
ine
the
inco
me
tax
prov
isio
n, m
ay b
e re
leva
nt to
an
audi
t.
A50
Th
e ex
ampl
e do
es n
ot a
ppea
r to
enha
nce
furth
er th
e po
int b
eing
m
ade
in th
e fir
st se
nten
ce.
51.
An
entit
y ge
nera
lly h
as c
ontro
ls re
latin
g to
obj
ectiv
es th
at a
re n
ot re
leva
nt to
an
audi
t and
ther
efor
e ne
ed n
ot b
e co
nsid
ered
. Fo
r exa
mpl
e, a
n en
tity
may
rely
on
a so
phis
ticat
ed sy
stem
of a
utom
ated
con
trols
to p
rovi
de e
ffici
ent a
nd e
ffect
ive
oper
atio
ns
(suc
h as
a c
omm
erci
al a
irlin
e’s s
yste
m o
f aut
omat
ed c
ontro
ls to
mai
ntai
n fli
ght s
ched
ules
), bu
t the
se c
ontro
ls o
rdin
arily
wou
ld
not b
e re
leva
nt to
the
audi
t.
A52
52.
Inte
rnal
con
trol o
ver s
afeg
uard
ing
of a
sset
s aga
inst
una
utho
rized
acq
uisi
tion,
use
, or d
ispo
sitio
n m
ay in
clud
e co
ntro
ls re
latin
g to
fina
ncia
l rep
ortin
g an
d op
erat
ions
obj
ectiv
es. I
n ob
tain
ing
an u
nder
stan
ding
of e
ach
of th
e co
mpo
nent
s of i
nter
nal c
ontro
l, th
e au
dito
r’s c
onsi
dera
tion
of sa
fegu
ardi
ng c
ontro
ls is
gen
eral
ly li
mite
d to
thos
e re
leva
nt to
the
relia
bilit
y of
fina
ncia
l re
porti
ng. F
or e
xam
ple,
use
of a
cces
s con
trols
, suc
h as
pas
swor
ds, t
hat l
imit
acce
ss to
the
data
and
pro
gram
s tha
t pro
cess
cas
h di
sbur
sem
ents
may
be
rele
vant
to a
fina
ncia
l sta
tem
ent a
udit.
Con
vers
ely,
con
trols
to p
reve
nt th
e ex
cess
ive
use
of m
ater
ials
in
prod
uctio
n ge
nera
lly a
re n
ot re
leva
nt to
a fi
nanc
ial s
tate
men
t aud
it.
A51
Th
e ex
ampl
e do
es n
ot a
ppea
r to
en
hanc
e fu
rther
th
e po
int
bein
g m
ade
in th
e fir
st se
nten
ce.
53.
Con
trols
rele
vant
to th
e au
dit m
ay e
xist
in a
ny o
f the
com
pone
nts o
f int
erna
l con
trol a
nd a
furth
er d
iscu
ssio
n of
con
trols
re
leva
nt to
the
audi
t is i
nclu
ded
unde
r the
hea
ding
of e
ach
inte
rnal
con
trol c
ompo
nent
bel
ow. I
n ad
ditio
n, p
arag
raph
s 113
and
Ove
rvie
w
not
cons
ider
ed
nece
ssar
y.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·174
1
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 2
5 of
56
115
disc
uss c
erta
in ri
sks f
or w
hich
the
audi
tor i
s req
uire
d to
eva
luat
e th
e de
sign
of t
he e
ntity
’s c
ontro
ls o
ver s
uch
risks
and
de
term
ine
whe
ther
they
hav
e be
en im
plem
ente
d.
Dep
th o
f Und
erst
andi
ng o
f Int
erna
l Con
trol
54.
Obt
aini
ng a
n un
ders
tand
ing
of in
tern
al c
ontro
l inv
olve
s eva
luat
ing
the
desi
gn o
f a c
ontro
l and
det
erm
inin
g w
heth
er it
has
bee
n im
plem
ente
d. E
valu
atin
g th
e de
sign
of a
con
trol i
nvol
ves c
onsi
derin
g w
heth
er th
e co
ntro
l, in
divi
dual
ly o
r in
com
bina
tion
with
ot
her c
ontro
ls, i
s cap
able
of e
ffect
ivel
y pr
even
ting,
or d
etec
ting
and
corr
ectin
g, m
ater
ial m
isst
atem
ents
. Fur
ther
exp
lana
tion
is
cont
aine
d in
the
disc
ussi
on o
f eac
h in
tern
al c
ontro
l com
pone
nt b
elow
. Im
plem
enta
tion
of a
con
trol m
eans
that
the
cont
rol
exis
ts a
nd th
at th
e en
tity
is u
sing
it. T
he a
udito
r con
side
rs th
e de
sign
of a
con
trol i
n de
term
inin
g w
heth
er to
con
side
r its
im
plem
enta
tion.
An
impr
oper
ly d
esig
ned
cont
rol m
ay re
pres
ent a
mat
eria
l wea
knes
s in
the
entit
y’s i
nter
nal c
ontro
l and
the
audi
tor c
onsi
ders
w
heth
er to
com
mun
icat
e th
is to
thos
e ch
arge
d w
ith g
over
nanc
e an
d m
anag
emen
t as r
equi
red
by p
arag
raph
120
.
13
A54
A
54
Not
e: F
irst t
wo
sent
ence
s hav
e bee
n re
draf
ted.
N
ote:
Sen
tenc
e ha
s bee
n re
draf
ted.
R
epet
itive
sta
tem
ent
thro
ugh
the
ISA
. 55
. R
isk
asse
ssm
ent p
roce
dure
s to
obta
in a
udit
evid
ence
abo
ut th
e de
sign
and
impl
emen
tatio
n of
rele
vant
con
trols
may
incl
ude
inqu
iring
of e
ntity
per
sonn
el, o
bser
ving
the
appl
icat
ion
of sp
ecifi
c co
ntro
ls, i
nspe
ctin
g do
cum
ents
and
repo
rts, a
nd tr
acin
g tra
nsac
tions
thro
ugh
the
info
rmat
ion
syst
em re
leva
nt to
fina
ncia
l rep
ortin
g.
In
quiry
alo
ne is
not
suffi
cien
t to
eval
uate
the
desi
gn o
f a c
ontro
l rel
evan
t to
an a
udit
and
to d
eter
min
e w
heth
er it
has
bee
n im
plem
ente
d.
A55
13
Not
e: S
ente
nce
has b
een
redr
afte
d.
56.
Obt
aini
ng a
n un
ders
tand
ing
of a
n en
tity’
s con
trols
is n
ot su
ffici
ent t
o se
rve
as te
stin
g th
e op
erat
ing
effe
ctiv
enes
s of c
ontro
ls,
unle
ss th
ere
is so
me
auto
mat
ion
that
pro
vide
s for
the
cons
iste
nt a
pplic
atio
n of
the
oper
atio
n of
the
cont
rol (
man
ual a
nd
auto
mat
ed e
lem
ents
of i
nter
nal c
ontro
l rel
evan
t to
the
audi
t are
furth
er d
escr
ibed
bel
ow).
For e
xam
ple,
obt
aini
ng a
udit
evid
ence
abo
ut th
e im
plem
enta
tion
of a
man
ually
ope
rate
d co
ntro
l at a
poi
nt in
tim
e do
es n
ot p
rovi
de a
udit
evid
ence
abo
ut th
e op
erat
ing
effe
ctiv
enes
s of t
he c
ontro
l at o
ther
tim
es d
urin
g th
e pe
riod
unde
r aud
it. H
owev
er, I
T en
able
s an
entit
y to
pro
cess
la
rge
volu
mes
of d
ata
cons
iste
ntly
and
enh
ance
s the
ent
ity’s
abi
lity
to m
onito
r the
per
form
ance
of c
ontro
l act
iviti
es a
nd to
ac
hiev
e ef
fect
ive
segr
egat
ion
of d
utie
s by
impl
emen
ting
secu
rity
cont
rols
in a
pplic
atio
ns, d
atab
ases
, and
ope
ratin
g sy
stem
s. Th
eref
ore,
bec
ause
of t
he in
here
nt c
onsi
sten
cy o
f IT
proc
essi
ng, p
erfo
rmin
g au
dit p
roce
dure
s to
dete
rmin
e w
heth
er a
n au
tom
ated
con
trol h
as b
een
impl
emen
ted
may
serv
e as
a te
st o
f tha
t con
trol’s
ope
ratin
g ef
fect
iven
ess,
depe
ndin
g on
the
A57
R
epet
itive
mat
eria
l.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·174
2
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 2
6 of
56
audi
tor’s
ass
essm
ent a
nd te
stin
g of
con
trols
such
as t
hose
ove
r pro
gram
cha
nges
. Tes
ts o
f the
ope
ratin
g ef
fect
iven
ess o
f co
ntro
ls a
re fu
rther
des
crib
ed in
ISA
330
. C
hara
cter
istic
s of M
anua
l and
Aut
omat
ed E
lem
ents
of I
nter
nal C
ontro
l Rel
evan
t to
the A
udito
r’s R
isk
Ass
essm
ent
57.
Mos
t ent
ities
mak
e us
e of
IT sy
stem
s for
fina
ncia
l rep
ortin
g an
d op
erat
iona
l pur
pose
s. H
owev
er, e
ven
whe
n IT
is e
xten
sive
ly
used
, the
re w
ill b
e m
anua
l ele
men
ts to
the
syst
ems.
The
bala
nce
betw
een
man
ual a
nd a
utom
ated
ele
men
ts v
arie
s. In
cer
tain
ca
ses,
parti
cula
rly sm
alle
r, le
ss c
ompl
ex e
ntiti
es, t
he sy
stem
s may
be
prim
arily
man
ual.
In o
ther
cas
es, t
he e
xten
t of
auto
mat
ion
may
var
y w
ith so
me
syst
ems s
ubst
antia
lly a
utom
ated
with
few
rela
ted
man
ual e
lem
ents
and
oth
ers,
even
with
in
the
sam
e en
tity,
pre
dom
inan
tly m
anua
l. A
s a re
sult,
an
entit
y’s s
yste
m o
f int
erna
l con
trol i
s lik
ely
to c
onta
in m
anua
l and
au
tom
ated
ele
men
ts, t
he c
hara
cter
istic
s of w
hich
are
rele
vant
to th
e au
dito
r’s ri
sk a
sses
smen
t and
furth
er a
udit
proc
edur
es
base
d th
ereo
n.
A41
Dis
curs
ive
in n
atur
e an
d co
vere
d by
the
follo
win
g m
ater
ial.
58.
The
use
of m
anua
l or a
utom
ated
ele
men
ts in
inte
rnal
con
trol a
lso
affe
cts t
he m
anne
r in
whi
ch tr
ansa
ctio
ns a
re in
itiat
ed,
reco
rded
, pro
cess
ed, a
nd re
porte
d. C
ontro
ls in
a m
anua
l sys
tem
may
incl
ude
such
pro
cedu
res a
s app
rova
ls a
nd re
view
s of
activ
ities
, and
reco
ncili
atio
ns a
nd fo
llow
-up
of re
conc
iling
item
s. A
ltern
ativ
ely,
an
entit
y m
ay u
se a
utom
ated
pro
cedu
res t
o in
itiat
e, re
cord
, pro
cess
, and
repo
rt tra
nsac
tions
, in
whi
ch c
ase
reco
rds i
n el
ectro
nic
form
at re
plac
e su
ch p
aper
doc
umen
ts a
s pu
rcha
se o
rder
s, in
voic
es, s
hipp
ing
docu
men
ts, a
nd re
late
d ac
coun
ting
reco
rds.
Con
trols
in IT
syst
ems c
onsi
st o
f a
com
bina
tion
of a
utom
ated
con
trols
(for
exa
mpl
e, c
ontro
ls e
mbe
dded
in c
ompu
ter p
rogr
ams)
and
man
ual c
ontro
ls. F
urth
er,
man
ual c
ontro
ls m
ay b
e in
depe
nden
t of I
T, m
ay u
se in
form
atio
n pr
oduc
ed b
y IT
, or m
ay b
e lim
ited
to m
onito
ring
the
effe
ctiv
e fu
nctio
ning
of I
T an
d of
aut
omat
ed c
ontro
ls, a
nd to
han
dlin
g ex
cept
ions
. Whe
n IT
is u
sed
to in
itiat
e, re
cord
, pro
cess
or r
epor
t tra
nsac
tions
, or o
ther
fina
ncia
l dat
a fo
r inc
lusi
on in
fina
ncia
l sta
tem
ents
, the
syst
ems a
nd p
rogr
ams m
ay in
clud
e co
ntro
ls
rela
ted
to th
e co
rres
pond
ing
asse
rtion
s for
mat
eria
l acc
ount
s or m
ay b
e cr
itica
l to
the
effe
ctiv
e fu
nctio
ning
of m
anua
l con
trols
th
at d
epen
d on
IT. A
n en
tity’
s mix
of m
anua
l and
aut
omat
ed c
ontro
ls v
arie
s with
the
natu
re a
nd c
ompl
exity
of t
he e
ntity
’s u
se
of IT
.
A42
59.
Gen
eral
ly, I
T pr
ovid
es p
oten
tial b
enef
its o
f effe
ctiv
enes
s and
effi
cien
cy fo
r an
entit
y’s i
nter
nal c
ontro
l bec
ause
it e
nabl
es a
n en
tity
to:
• C
onsi
sten
tly a
pply
pre
defin
ed b
usin
ess r
ules
and
per
form
com
plex
cal
cula
tions
in p
roce
ssin
g la
rge
volu
mes
of
trans
actio
ns o
r dat
a;
• En
hanc
e th
e tim
elin
ess,
avai
labi
lity,
and
acc
urac
y of
info
rmat
ion;
A43
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·174
3
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 2
7 of
56
• Fa
cilit
ate
the
addi
tiona
l ana
lysi
s of i
nfor
mat
ion;
•
Enha
nce
the
abili
ty to
mon
itor t
he p
erfo
rman
ce o
f the
ent
ity’s
act
iviti
es a
nd it
s pol
icie
s and
pro
cedu
res;
•
Red
uce
the
risk
that
con
trols
will
be
circ
umve
nted
; and
•
Enha
nce
the
abili
ty to
ach
ieve
effe
ctiv
e se
greg
atio
n of
dut
ies b
y im
plem
entin
g se
curit
y co
ntro
ls in
app
licat
ions
, da
taba
ses,
and
oper
atin
g sy
stem
s. 60
. IT
als
o po
ses s
peci
fic ri
sks t
o an
ent
ity’s
inte
rnal
con
trol,
incl
udin
g th
e fo
llow
ing:
•
Rel
ianc
e on
syst
ems o
r pro
gram
s tha
t are
inac
cura
tely
pro
cess
ing
data
, pro
cess
ing
inac
cura
te d
ata,
or b
oth.
•
Una
utho
rized
acc
ess t
o da
ta th
at m
ay re
sult
in d
estru
ctio
n of
dat
a or
impr
oper
cha
nges
to d
ata,
incl
udin
g th
e re
cord
ing
of u
naut
horiz
ed o
r non
-exi
sten
t tra
nsac
tions
, or i
nacc
urat
e re
cord
ing
of tr
ansa
ctio
ns. P
artic
ular
risk
s may
aris
e w
here
m
ultip
le u
sers
acc
ess a
com
mon
dat
abas
e.
• Th
e po
ssib
ility
of I
T pe
rson
nel g
aini
ng a
cces
s priv
ilege
s bey
ond
thos
e ne
cess
ary
to p
erfo
rm th
eir a
ssig
ned
dutie
s th
ereb
y br
eaki
ng d
own
segr
egat
ion
of d
utie
s. •
Una
utho
rized
cha
nges
to d
ata
in m
aste
r file
s. •
Una
utho
rized
cha
nges
to sy
stem
s or p
rogr
ams.
• Fa
ilure
to m
ake
nece
ssar
y ch
ange
s to
syst
ems o
r pro
gram
s. •
Inap
prop
riate
man
ual i
nter
vent
ion.
•
Pote
ntia
l los
s of d
ata
or in
abili
ty to
acc
ess d
ata
as re
quire
d.
A44
61.
Man
ual a
spec
ts o
f sys
tem
s may
be
mor
e su
itabl
e w
here
judg
men
t and
dis
cret
ion
are
requ
ired
such
as f
or th
e fo
llow
ing
circ
umst
ance
s:
• La
rge,
unu
sual
or n
on-r
ecur
ring
trans
actio
ns.
• C
ircum
stan
ces w
here
err
ors a
re d
iffic
ult t
o de
fine,
ant
icip
ate
or p
redi
ct.
• In
cha
ngin
g ci
rcum
stan
ces t
hat r
equi
re a
con
trol r
espo
nse
outs
ide
the
scop
e of
an
exis
ting
auto
mat
ed c
ontro
l. •
In m
onito
ring
the
effe
ctiv
enes
s of a
utom
ated
con
trols
.
A45
62.
Man
ual c
ontro
ls a
re p
erfo
rmed
by
peop
le, a
nd th
eref
ore
pose
spec
ific
risks
to th
e en
tity’
s int
erna
l con
trol.
Man
ual c
ontro
ls m
ay b
e le
ss re
liabl
e th
an a
utom
ated
con
trols
bec
ause
they
can
be
mor
e ea
sily
byp
asse
d, ig
nore
d, o
r ove
rrid
den
and
they
are
al
so m
ore
pron
e to
sim
ple
erro
rs a
nd m
istak
es. C
onsi
sten
cy o
f app
licat
ion
of a
man
ual c
ontro
l ele
men
t can
not t
here
fore
be
assu
med
. Man
ual s
yste
ms m
ay b
e le
ss su
itabl
e fo
r the
follo
win
g:
• H
igh
volu
me
or re
curr
ing
trans
actio
ns, o
r in
situ
atio
ns w
here
err
ors t
hat c
an b
e an
ticip
ated
or p
redi
cted
can
be
A46
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·174
4
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 2
8 of
56
prev
ente
d or
det
ecte
d by
con
trol p
aram
eter
s tha
t are
aut
omat
ed.
• C
ontro
l act
iviti
es w
here
the
spec
ific
way
s to
perf
orm
the
cont
rol c
an b
e ad
equa
tely
des
igne
d an
d au
tom
ated
. 63
. Th
e ex
tent
and
nat
ure
of th
e ris
ks to
inte
rnal
con
trol v
ary
depe
ndin
g on
the
natu
re a
nd c
hara
cter
istic
s of t
he e
ntity
’s
info
rmat
ion
syst
em. T
here
fore
in u
nder
stan
ding
inte
rnal
con
trol,
the
audi
tor c
onsi
ders
whe
ther
the
entit
y ha
s res
pond
ed
adeq
uate
ly to
the
risks
aris
ing
from
the
use
of IT
or m
anua
l sys
tem
s by
esta
blis
hing
effe
ctiv
e co
ntro
ls.
A47
Lim
itatio
ns o
f Int
erna
l Con
trol
64.
Inte
rnal
con
trol,
no m
atte
r how
wel
l des
igne
d an
d op
erat
ed, c
an p
rovi
de a
n en
tity
with
onl
y re
ason
able
ass
uran
ce a
bout
ac
hiev
ing
the
entit
y’s f
inan
cial
repo
rting
obj
ectiv
es. T
he li
kelih
ood
of a
chie
vem
ent i
s affe
cted
by
limita
tions
inhe
rent
to
inte
rnal
con
trol.
Thes
e in
clud
e th
e re
aliti
es th
at h
uman
judg
men
t in
deci
sion
-mak
ing
can
be fa
ulty
and
that
bre
akdo
wns
in
inte
rnal
con
trol c
an o
ccur
bec
ause
of h
uman
failu
res,
such
as s
impl
e er
rors
or m
ista
kes.
For e
xam
ple,
if a
n en
tity’
s in
form
atio
n sy
stem
per
sonn
el d
o no
t com
plet
ely
unde
rsta
nd h
ow a
n or
der e
ntry
syst
em p
roce
sses
sale
s tra
nsac
tions
, the
y m
ay
erro
neou
sly
desi
gn c
hang
es to
the
syst
em to
pro
cess
sale
s for
a n
ew li
ne o
f pro
duct
s. O
n th
e ot
her h
and,
such
cha
nges
may
be
corr
ectly
des
igne
d bu
t mis
unde
rsto
od b
y in
divi
dual
s who
tran
slat
e th
e de
sign
into
pro
gram
cod
e. E
rror
s als
o m
ay o
ccur
in th
e us
e of
info
rmat
ion
prod
uced
by
IT. F
or e
xam
ple,
aut
omat
ed c
ontro
ls m
ay b
e de
sign
ed to
repo
rt tra
nsac
tions
ove
r a sp
ecifi
ed
amou
nt fo
r man
agem
ent r
evie
w, b
ut in
divi
dual
s res
pons
ible
for c
ondu
ctin
g th
e re
view
may
not
und
erst
and
the
purp
ose
of
such
repo
rts a
nd, a
ccor
ding
ly, m
ay fa
il to
revi
ew th
em o
r inv
estig
ate
unus
ual i
tem
s.
A37
N
ote:
Pa
ragr
aph
has
been
re
draf
ted.
65.
Add
ition
ally
, con
trols
can
be
circ
umve
nted
by
the
collu
sion
of t
wo
or m
ore
peop
le o
r ina
ppro
pria
te m
anag
emen
t ove
rrid
e of
in
tern
al c
ontro
l. Fo
r exa
mpl
e, m
anag
emen
t may
ent
er in
to si
de a
gree
men
ts w
ith c
usto
mer
s tha
t alte
r the
term
s and
con
ditio
ns
of th
e en
tity’
s sta
ndar
d sa
les c
ontra
cts,
whi
ch m
ay re
sult
in im
prop
er re
venu
e re
cogn
ition
. Als
o, e
dit c
heck
s in
a so
ftwar
e pr
ogra
m th
at a
re d
esig
ned
to id
entif
y an
d re
port
trans
actio
ns th
at e
xcee
d sp
ecifi
ed c
redi
t lim
its m
ay b
e ov
errid
den
or d
isab
led.
A38
66.
Smal
ler e
ntiti
es o
ften
have
few
er e
mpl
oyee
s whi
ch m
ay li
mit
the
exte
nt to
whi
ch se
greg
atio
n of
dut
ies i
s pra
ctic
able
. H
owev
er, f
or k
ey a
reas
, eve
n in
a v
ery
smal
l ent
ity, i
t can
be
prac
ticab
le to
impl
emen
t som
e de
gree
of s
egre
gatio
n of
dut
ies o
r ot
her f
orm
of u
nsop
hist
icat
ed b
ut e
ffect
ive
cont
rols
. The
pot
entia
l for
ove
rrid
e of
con
trols
by
the
owne
r-man
ager
dep
ends
to a
gr
eat e
xten
t on
the
cont
rol e
nviro
nmen
t and
in p
artic
ular
, the
ow
ner-m
anag
er’s
atti
tude
s abo
ut th
e im
porta
nce
of in
tern
al
cont
rol.
A11
3
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·174
5
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 2
9 of
56
Con
trol E
nviro
nmen
t
67.
The
aud
itor
shou
ld o
btai
n an
und
erst
andi
ng o
f the
con
trol
env
iron
men
t.
The
con
trol e
nviro
nmen
t inc
lude
s the
gov
erna
nce
and
man
agem
ent f
unct
ions
and
the
attit
udes
, aw
aren
ess,
and
actio
ns o
f tho
se
char
ged
with
gov
erna
nce
and
man
agem
ent c
once
rnin
g th
e en
tity’
s int
erna
l con
trol a
nd it
s im
porta
nce
in th
e en
tity.
Th
e co
ntro
l env
ironm
ent s
ets t
he to
ne o
f an
orga
niza
tion,
influ
enci
ng th
e co
ntro
l con
scio
usne
ss o
f its
peo
ple.
It is
the
foun
datio
n fo
r effe
ctiv
e in
tern
al c
ontro
l, pr
ovid
ing
disc
iplin
e an
d st
ruct
ure.
14a
A
58
14a
Not
e: F
irst a
nd la
st s
ente
nce
of th
e pa
ragr
aph
have
bee
n co
mbi
ned
and
redr
afte
d.
68.
The
prim
ary
resp
onsi
bilit
y fo
r the
pre
vent
ion
and
dete
ctio
n of
frau
d an
d er
ror r
ests
with
bot
h th
ose
char
ged
with
gov
erna
nce
and
the
man
agem
ent o
f an
entit
y.
In e
valu
atin
g th
e de
sign
of t
he c
ontro
l env
ironm
ent a
nd d
eter
min
ing
whe
ther
it h
as b
een
impl
emen
ted,
the
audi
tor u
nder
stan
ds
how
man
agem
ent,
with
the
over
sigh
t of t
hose
cha
rged
with
gov
erna
nce,
has
cre
ated
and
mai
ntai
ned
a cu
lture
of h
ones
ty a
nd
ethi
cal b
ehav
ior,
and
esta
blis
hed
appr
opria
te c
ontro
ls to
pre
vent
and
det
ect f
raud
and
err
or w
ithin
the
entit
y.
14a
Rep
etiti
ve o
f IS
A 2
00 a
nd 7
00 r
e:
stat
emen
t of
m
anag
emen
t an
d go
vern
ance
resp
onsi
bilit
ies.
Cov
ered
by
guid
ance
on
inte
rnal
co
ntro
ls a
s wel
l as I
SA 2
40.
69.
In e
valu
atin
g th
e de
sign
of t
he e
ntity
’s c
ontro
l env
ironm
ent,
the
audi
tor c
onsi
ders
the
follo
win
g el
emen
ts a
nd h
ow th
ey h
ave
been
inco
rpor
ated
into
the
entit
y’s p
roce
sses
: (a
) C
omm
unic
atio
n an
d en
forc
emen
t of i
nteg
rity
and
ethi
cal v
alue
s—es
sent
ial e
lem
ents
whi
ch in
fluen
ce th
e ef
fect
iven
ess
of th
e de
sign
, adm
inis
tratio
n an
d m
onito
ring
of c
ontro
ls.
(b)
Com
mitm
ent t
o co
mpe
tenc
e—m
anag
emen
t’s c
onsi
dera
tion
of th
e co
mpe
tenc
e le
vels
for p
artic
ular
jobs
and
how
thos
e le
vels
tran
slat
e in
to re
quis
ite sk
ills a
nd k
now
ledg
e.
(c)
Parti
cipa
tion
by th
ose
char
ged
with
gov
erna
nce—
inde
pend
ence
from
man
agem
ent,
thei
r exp
erie
nce
and
stat
ure,
the
exte
nt o
f the
ir in
volv
emen
t and
scru
tiny
of a
ctiv
ities
, the
info
rmat
ion
they
rece
ive,
the
degr
ee to
whi
ch d
iffic
ult
ques
tions
are
rais
ed a
nd p
ursu
ed w
ith m
anag
emen
t and
thei
r int
erac
tion
with
inte
rnal
and
ext
erna
l aud
itors
. (d
) M
anag
emen
t’s p
hilo
soph
y an
d op
erat
ing
styl
e—m
anag
emen
t’s a
ppro
ach
to ta
king
and
man
agin
g bu
sine
ss ri
sks,
and
man
agem
ent’s
atti
tude
s and
act
ions
tow
ard
finan
cial
repo
rting
, inf
orm
atio
n pr
oces
sing
and
acc
ount
ing
func
tions
and
pe
rson
nel.
(e)
Org
aniz
atio
nal s
truct
ure—
the
fram
ewor
k w
ithin
whi
ch a
n en
tity’
s act
iviti
es fo
r ach
ievi
ng it
s obj
ectiv
es a
re p
lann
ed,
exec
uted
, con
trolle
d an
d re
view
ed.
14a
and
A59
-67
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·174
6
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 3
0 of
56
(f)
Ass
ignm
ent o
f aut
horit
y an
d re
spon
sibi
lity—
how
aut
horit
y an
d re
spon
sibi
lity
for o
pera
ting
activ
ities
are
ass
igne
d an
d ho
w re
porti
ng re
latio
nshi
ps a
nd a
utho
rizat
ion
hier
arch
ies a
re e
stab
lishe
d.
(g)
Hum
an re
sour
ce p
olic
ies a
nd p
ract
ices
—re
crui
tmen
t, or
ient
atio
n, tr
aini
ng, e
valu
atin
g, c
ouns
elin
g, p
rom
otin
g,
com
pens
atin
g an
d re
med
ial a
ctio
ns.
70.
In u
nder
stan
ding
the
cont
rol e
nviro
nmen
t ele
men
ts, t
he a
udito
r als
o co
nsid
ers w
heth
er th
ey h
ave
been
impl
emen
ted.
O
rdin
arily
, the
aud
itor o
btai
ns re
leva
nt a
udit
evid
ence
thro
ugh
a co
mbi
natio
n of
inqu
iries
and
oth
er ri
sk a
sses
smen
t pr
oced
ures
, for
exa
mpl
e, c
orro
bora
ting
inqu
iries
thro
ugh
obse
rvat
ion
or in
spec
tion
of d
ocum
ents
. For
exa
mpl
e, th
roug
h in
quiri
es o
f man
agem
ent a
nd e
mpl
oyee
s, th
e au
dito
r may
obt
ain
an u
nder
stan
ding
of h
ow m
anag
emen
t com
mun
icat
es to
em
ploy
ees i
ts v
iew
s on
busi
ness
pra
ctic
es a
nd e
thic
al b
ehav
ior.
The
audi
tor d
eter
min
es w
heth
er c
ontro
ls h
ave
been
im
plem
ente
d by
con
side
ring,
for e
xam
ple,
whe
ther
man
agem
ent h
as e
stab
lishe
d a
form
al c
ode
of c
ondu
ct a
nd w
heth
er it
act
s in
a m
anne
r tha
t sup
ports
the
code
or c
ondo
nes v
iola
tions
of,
or a
utho
rizes
exc
eptio
ns to
the
code
.
A68
Rep
etiti
ve st
atem
ent.
Not
e: P
arag
raph
has
bee
n re
draf
ted.
71.
Aud
it ev
iden
ce fo
r ele
men
ts o
f the
con
trol e
nviro
nmen
t may
not
be
avai
labl
e in
doc
umen
tary
form
, in
parti
cula
r for
smal
ler
entit
ies w
here
com
mun
icat
ion
betw
een
man
agem
ent a
nd o
ther
per
sonn
el m
ay b
e in
form
al, y
et e
ffect
ive.
For
exa
mpl
e,
man
agem
ent’s
com
mitm
ent t
o et
hica
l val
ues a
nd c
ompe
tenc
e ar
e of
ten
impl
emen
ted
thro
ugh
the
beha
vior
and
atti
tude
they
de
mon
stra
te in
man
agin
g th
e en
tity’
s bus
ines
s ins
tead
of i
n a
writ
ten
code
of c
ondu
ct. C
onse
quen
tly, m
anag
emen
t’s a
ttitu
des,
awar
enes
s and
act
ions
are
of p
artic
ular
impo
rtanc
e in
the
desi
gn o
f a sm
alle
r ent
ity’s
con
trol e
nviro
nmen
t. In
add
ition
, the
role
of
thos
e ch
arge
d w
ith g
over
nanc
e is
ofte
n un
derta
ken
by th
e ow
ner-m
anag
er w
here
ther
e ar
e no
oth
er o
wne
rs.
A11
4 A
115
A11
4
72.
The
over
all r
espo
nsib
ilitie
s of t
hose
cha
rged
with
gov
erna
nce
are
reco
gniz
ed in
cod
es o
f pra
ctic
e an
d ot
her r
egul
atio
ns o
r gu
idan
ce p
rodu
ced
for t
he b
enef
it of
thos
e ch
arge
d w
ith g
over
nanc
e. It
is o
ne, b
ut n
ot th
e on
ly, r
ole
of th
ose
char
ged
with
go
vern
ance
to c
ount
erba
lanc
e pr
essu
res o
n m
anag
emen
t in
rela
tion
to fi
nanc
ial r
epor
ting.
For
exa
mpl
e, th
e ba
sis f
or
man
agem
ent r
emun
erat
ion
may
pla
ce st
ress
on
man
agem
ent a
risin
g fr
om th
e co
nflic
ting
dem
ands
of f
air r
epor
ting
and
the
perc
eive
d be
nefit
s of i
mpr
oved
resu
lts. I
n un
ders
tand
ing
the
desi
gn o
f the
con
trol e
nviro
nmen
t, th
e au
dito
r con
side
rs su
ch
mat
ters
as t
he in
depe
nden
ce o
f the
dire
ctor
s and
thei
r abi
lity
to e
valu
ate
the
actio
ns o
f man
agem
ent.
The
audi
tor a
lso
cons
ider
s whe
ther
ther
e is
an
audi
t com
mitt
ee th
at u
nder
stan
ds th
e en
tity’
s bus
ines
s tra
nsac
tions
and
eva
luat
es w
heth
er th
e fin
anci
al st
atem
ents
giv
e a
true
and
fair
view
(or a
re p
rese
nted
fairl
y, in
all
mat
eria
l res
pect
s) in
acc
orda
nce
with
the
appl
icab
le fi
nanc
ial r
epor
ting
fram
ewor
k.
A62
Not
nec
essa
rily
appl
icab
le i
n al
l ju
risdi
ctio
ns
and
disc
ursi
ve
in
natu
re.
Not
e: P
arag
raph
has
bee
n re
draf
ted.
73.
The
natu
re o
f an
entit
y’s c
ontro
l env
ironm
ent i
s suc
h th
at it
has
a p
erva
sive
effe
ct o
n as
sess
ing
the
risks
of m
ater
ial
A69
N
ote:
Due
to
rest
ruct
urin
g of
the
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·174
7
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 3
1 of
56
mis
stat
emen
t. Fo
r exa
mpl
e, o
wne
r-man
ager
con
trols
may
miti
gate
a la
ck o
f seg
rega
tion
of d
utie
s in
a sm
all b
usin
ess,
or a
n ac
tive
and
inde
pend
ent b
oard
of d
irect
ors m
ay in
fluen
ce th
e ph
iloso
phy
and
oper
atin
g st
yle
of se
nior
man
agem
ent i
n la
rger
en
titie
s.
T
he a
udito
r’s e
valu
atio
n of
the
desi
gn o
f the
ent
ity’s
con
trol e
nviro
nmen
t inc
lude
s con
side
ring
whe
ther
the
stre
ngth
s in
the
cont
rol e
nviro
nmen
t ele
men
ts c
olle
ctiv
ely
prov
ide
an a
ppro
pria
te fo
unda
tion
for t
he o
ther
com
pone
nts o
f int
erna
l con
trol,
and
are
not u
nder
min
ed b
y co
ntro
l env
ironm
ent w
eakn
esse
s.
F
or e
xam
ple,
hum
an re
sour
ce p
olic
ies a
nd p
ract
ices
dire
cted
tow
ard
hirin
g co
mpe
tent
fina
ncia
l, ac
coun
ting,
and
IT p
erso
nnel
m
ay n
ot m
itiga
te a
stro
ng b
ias b
y to
p m
anag
emen
t to
over
stat
e ea
rnin
gs.
C
hang
es in
the
cont
rol e
nviro
nmen
t may
affe
ct th
e re
leva
nce
of in
form
atio
n ob
tain
ed in
prio
r aud
its.
F
or e
xam
ple,
man
agem
ent’s
dec
isio
n to
com
mit
addi
tiona
l res
ourc
es fo
r tra
inin
g an
d aw
aren
ess o
f fin
anci
al re
porti
ng
activ
ities
may
redu
ce th
e ris
k of
err
ors i
n pr
oces
sing
fina
ncia
l inf
orm
atio
n. A
ltern
ativ
ely,
man
agem
ent’s
failu
re to
com
mit
suffi
cien
t res
ourc
es to
add
ress
secu
rity
risks
pre
sent
ed b
y IT
may
adv
erse
ly a
ffect
inte
rnal
con
trol b
y al
low
ing
impr
oper
ch
ange
s to
be m
ade
to c
ompu
ter p
rogr
ams o
r to
data
, or b
y al
low
ing
unau
thor
ized
tran
sact
ions
to b
e pr
oces
sed.
14a
A69
A
12
A69
-A
70
mat
eria
l in
this
par
agra
ph, s
ente
nces
ha
ve b
een
redr
afte
d.
74.
The
exis
tenc
e of
a sa
tisfa
ctor
y co
ntro
l env
ironm
ent c
an b
e a
posi
tive
fact
or w
hen
the
audi
tor a
sses
ses t
he ri
sks o
f mat
eria
l m
isst
atem
ent a
nd a
s exp
lain
ed in
par
agra
ph 5
of I
SA 3
30, i
nflu
ence
s the
nat
ure,
tim
ing,
and
ext
ent o
f the
aud
itor’s
furth
er
proc
edur
es. I
n pa
rticu
lar,
it m
ay h
elp
redu
ce th
e ris
k of
frau
d, a
lthou
gh a
satis
fact
ory
cont
rol e
nviro
nmen
t is n
ot a
n ab
solu
te
dete
rren
t to
frau
d. C
onve
rsel
y, w
eakn
esse
s in
the
cont
rol e
nviro
nmen
t may
und
erm
ine
the
effe
ctiv
enes
s of c
ontro
ls a
nd
ther
efor
e be
neg
ativ
e fa
ctor
s in
the
audi
tor’s
ass
essm
ent o
f the
risk
s of m
ater
ial m
isst
atem
ent,
in p
artic
ular
in re
latio
n to
frau
d.
A70
U
nnec
essa
ry to
stat
e.
75.
The
cont
rol e
nviro
nmen
t in
itsel
f doe
s not
pre
vent
, or d
etec
t and
cor
rect
, a m
ater
ial m
isst
atem
ent i
n cl
asse
s of t
rans
actio
ns,
acco
unt b
alan
ces,
and
disc
losu
res a
nd re
late
d as
serti
ons.
The
audi
tor,
ther
efor
e, o
rdin
arily
con
side
rs th
e ef
fect
of o
ther
co
mpo
nent
s alo
ng w
ith th
e co
ntro
l env
ironm
ent w
hen
asse
ssin
g th
e ris
ks o
f mat
eria
l mis
stat
emen
t; fo
r exa
mpl
e, th
e m
onito
ring
of c
ontro
ls a
nd th
e op
erat
ion
of sp
ecifi
c co
ntro
l act
iviti
es.
A71
U
nnec
essa
ry to
sta
te. N
ote:
Sec
ond
sent
ence
has
bee
n re
draf
ted.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·174
8
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 3
2 of
56
The
Entit
y’s R
isk
Ass
essm
ent P
roce
ss
76.
The
aud
itor
shou
ld o
btai
n an
und
erst
andi
ng o
f the
ent
ity’s
pro
cess
for
iden
tifyi
ng b
usin
ess r
isks
rel
evan
t to
finan
cial
re
port
ing
obje
ctiv
es a
nd d
ecid
ing
abou
t act
ions
to a
ddre
ss th
ose
risk
s, an
d th
e re
sults
ther
eof.
The
proc
ess i
s des
crib
ed
as th
e “e
ntity
’s ri
sk a
sses
smen
t pro
cess
” an
d fo
rms t
he b
asis
for h
ow m
anag
emen
t det
erm
ines
the
risks
to b
e m
anag
ed.
14b
Not
e: B
old
type
par
agra
ph h
as
been
redr
afte
d to
refl
ect e
lem
ents
of
ex
tant
pa
ragr
aph
77
(not
ed
belo
w).
77.
In e
valu
atin
g th
e de
sign
and
impl
emen
tatio
n of
the
entit
y’s r
isk
asse
ssm
ent p
roce
ss, t
he a
udito
r det
erm
ines
how
man
agem
ent
iden
tifie
s bus
ines
s ris
ks re
leva
nt to
fina
ncia
l rep
ortin
g, e
stim
ates
the
sign
ifica
nce
of th
e ris
ks, a
sses
ses t
he li
kelih
ood
of th
eir
occu
rren
ce, a
nd d
ecid
es u
pon
actio
ns to
man
age
them
. If t
he e
ntity
’s ri
sk a
sses
smen
t pro
cess
is a
ppro
pria
te to
the
circ
umst
ance
s, it
assi
sts t
he a
udito
r in
iden
tifyi
ng ri
sks o
f mat
eria
l mis
stat
emen
t.
14b
78.
The
audi
tor i
nqui
res a
bout
bus
ines
s ris
ks th
at m
anag
emen
t has
iden
tifie
d an
d co
nsid
ers w
heth
er th
ey m
ay re
sult
in m
ater
ial
mis
stat
emen
t.
D
urin
g th
e au
dit,
the
audi
tor m
ay id
entif
y ris
ks o
f mat
eria
l mis
stat
emen
t tha
t man
agem
ent f
aile
d to
iden
tify.
In su
ch c
ases
, the
au
dito
r con
side
rs w
heth
er th
ere
was
an
unde
rlyin
g ris
k of
a k
ind
that
shou
ld h
ave
been
iden
tifie
d by
the
entit
y’s r
isk
asse
ssm
ent p
roce
ss, a
nd if
so, w
hy th
at p
roce
ss fa
iled
to d
o so
and
whe
ther
the
proc
ess i
s app
ropr
iate
to it
s circ
umst
ance
s. If
, as
a re
sult,
the
audi
tor j
udge
s tha
t the
re is
a m
ater
ial w
eakn
ess i
n th
e en
tity’
s ris
k as
sess
men
t pro
cess
, the
aud
itor
com
mun
icat
es to
thos
e ch
arge
d w
ith g
over
nanc
e as
requ
ired
by p
arag
raph
120
.
14b
A74
Not
e: S
econ
d an
d th
ird s
ente
nces
ha
ve b
een
redr
afte
d.
79.
In a
smal
ler e
ntity
, man
agem
ent m
ay n
ot h
ave
a fo
rmal
risk
ass
essm
ent p
roce
ss a
s des
crib
ed in
par
agra
ph 7
6. F
or su
ch
entit
ies,
the
audi
tor d
iscu
sses
with
man
agem
ent h
ow ri
sks t
o th
e bu
sine
ss a
re id
entif
ied
by m
anag
emen
t and
how
they
are
ad
dres
sed.
A11
6 N
ote:
Pr
esen
t te
nse
in
seco
nd
sent
ence
has
bee
n re
draf
ted.
Info
rmat
ion
Syst
em, I
nclu
ding
the
Rel
ated
Bus
ines
s Pro
cess
es, R
elev
ant t
o Fi
nanc
ial R
epor
ting,
and
Com
mun
icat
ion
80.
The
info
rmat
ion
syst
em re
leva
nt to
fina
ncia
l rep
ortin
g ob
ject
ives
, whi
ch in
clud
es th
e ac
coun
ting
syst
em, c
onsi
sts o
f the
pr
oced
ures
and
reco
rds e
stab
lishe
d to
initi
ate,
reco
rd, p
roce
ss, a
nd re
port
entit
y tra
nsac
tions
(as w
ell a
s eve
nts a
nd c
ondi
tions
) an
d to
mai
ntai
n ac
coun
tabi
lity
for t
he re
late
d as
sets
, lia
bilit
ies,
and
equi
ty.
A75
81.
The
aud
itor
shou
ld o
btai
n an
und
erst
andi
ng o
f the
info
rmat
ion
syst
em, i
nclu
ding
the
rela
ted
busi
ness
pro
cess
es,
14c
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·174
9
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 3
3 of
56
rele
vant
to fi
nanc
ial r
epor
ting,
incl
udin
g th
e fo
llow
ing
area
s:
• T
he c
lass
es o
f tra
nsac
tions
in th
e en
tity’
s ope
ratio
ns th
at a
re si
gnifi
cant
to th
e fin
anci
al st
atem
ents
. •
The
pro
cedu
res,
with
in b
oth
IT a
nd m
anua
l sys
tem
s, by
whi
ch th
ose
tran
sact
ions
are
initi
ated
, rec
orde
d,
proc
esse
d an
d re
port
ed in
the
finan
cial
stat
emen
ts.
• T
he r
elat
ed a
ccou
ntin
g re
cord
s, w
heth
er e
lect
roni
c or
man
ual,
supp
ortin
g in
form
atio
n, a
nd sp
ecifi
c ac
coun
ts in
th
e fin
anci
al st
atem
ents
, in
resp
ect o
f ini
tiatin
g, r
ecor
ding
, pro
cess
ing
and
repo
rtin
g tr
ansa
ctio
ns.
• H
ow th
e in
form
atio
n sy
stem
cap
ture
s eve
nts a
nd c
ondi
tions
, oth
er th
an c
lass
es o
f tra
nsac
tions
, tha
t are
si
gnifi
cant
to th
e fin
anci
al st
atem
ents
. •
The
fina
ncia
l rep
ortin
g pr
oces
s use
d to
pre
pare
the
entit
y’s f
inan
cial
stat
emen
ts, i
nclu
ding
sign
ifica
nt
acco
untin
g es
timat
es a
nd d
iscl
osur
es.
82.
In o
btai
ning
this
und
erst
andi
ng, t
he a
udito
r con
side
rs th
e pr
oced
ures
use
d to
tran
sfer
info
rmat
ion
from
tran
sact
ion
proc
essin
g sy
stem
s to
gene
ral l
edge
r or f
inan
cial
repo
rting
syst
ems.
Th
e au
dito
r als
o un
ders
tand
s the
ent
ity’s
pro
cedu
res t
o ca
ptur
e in
form
atio
n re
leva
nt to
fina
ncia
l rep
ortin
g fo
r eve
nts a
nd
cond
ition
s oth
er th
an tr
ansa
ctio
ns, s
uch
as th
e de
prec
iatio
n an
d am
ortiz
atio
n of
ass
ets a
nd c
hang
es in
the
reco
vera
bilit
y of
ac
coun
ts re
ceiv
able
s.
14c
&
A75
A
75
83.
An
entit
y’s i
nfor
mat
ion
syst
em ty
pica
lly in
clud
es th
e us
e of
stan
dard
jour
nal e
ntrie
s tha
t are
requ
ired
on a
recu
rrin
g ba
sis t
o re
cord
tran
sact
ions
such
as s
ales
, pur
chas
es, a
nd c
ash
disb
urse
men
ts in
the
gene
ral l
edge
r, or
to re
cord
acc
ount
ing
estim
ates
th
at a
re p
erio
dica
lly m
ade
by m
anag
emen
t, su
ch a
s cha
nges
in th
e es
timat
e of
unc
olle
ctib
le a
ccou
nts r
ecei
vabl
e.
A77
84.
An
entit
y’s f
inan
cial
repo
rting
pro
cess
als
o in
clud
es th
e us
e of
non
-sta
ndar
d jo
urna
l ent
ries t
o re
cord
non
-rec
urrin
g, u
nusu
al
trans
actio
ns o
r adj
ustm
ents
. Exa
mpl
es o
f suc
h en
tries
incl
ude
cons
olid
atin
g ad
just
men
ts a
nd e
ntrie
s for
a b
usin
ess
com
bina
tion
or d
ispo
sal o
r non
-rec
urrin
g es
timat
es su
ch a
s an
asse
t im
pairm
ent.
In m
anua
l, pa
per-b
ased
gen
eral
ledg
er
syst
ems,
non-
stan
dard
jour
nal e
ntrie
s may
be
iden
tifie
d th
roug
h in
spec
tion
of le
dger
s, jo
urna
ls, a
nd su
ppor
ting
docu
men
tatio
n. H
owev
er, w
hen
auto
mat
ed p
roce
dure
s are
use
d to
mai
ntai
n th
e ge
nera
l led
ger a
nd p
repa
re fi
nanc
ial
stat
emen
ts, s
uch
entri
es m
ay e
xist
onl
y in
ele
ctro
nic
form
and
may
be
mor
e ea
sily
iden
tifie
d th
roug
h th
e us
e of
com
pute
r-as
sist
ed a
udit
tech
niqu
es.
A78
85.
Prep
arat
ion
of th
e en
tity’
s fin
anci
al st
atem
ents
incl
ude
proc
edur
es th
at a
re d
esig
ned
to e
nsur
e in
form
atio
n re
quire
d to
be
U
nnec
essa
ry s
tate
men
t.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·175
0
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 3
4 of
56
disc
lose
d by
the
appl
icab
le fi
nanc
ial r
epor
ting
fram
ewor
k is
acc
umul
ated
, rec
orde
d, p
roce
ssed
, sum
mar
ized
and
app
ropr
iate
ly
repo
rted
in th
e fin
anci
al st
atem
ents
. 86
. In
obt
aini
ng a
n un
ders
tand
ing,
the
audi
tor c
onsi
ders
risk
s of m
ater
ial m
isst
atem
ent a
ssoc
iate
d w
ith in
appr
opria
te o
verr
ide
of
cont
rols
ove
r jou
rnal
ent
ries a
nd th
e co
ntro
ls su
rrou
ndin
g no
n-st
anda
rd jo
urna
l ent
ries.
Fo
r exa
mpl
e, a
utom
ated
pro
cess
es a
nd c
ontro
ls m
ay re
duce
the
risk
of in
adve
rtent
err
or b
ut d
o no
t ove
rcom
e th
e ris
k th
at
indi
vidu
als m
ay in
appr
opria
tely
ove
rrid
e su
ch a
utom
ated
pro
cess
es, f
or e
xam
ple,
by
chan
ging
the
amou
nts b
eing
au
tom
atic
ally
pas
sed
to th
e ge
nera
l led
ger o
r fin
anci
al re
porti
ng sy
stem
. Fur
ther
mor
e, th
e au
dito
r mai
ntai
ns a
n aw
aren
ess t
hat
whe
n IT
is u
sed
to tr
ansf
er in
form
atio
n au
tom
atic
ally
, the
re m
ay b
e lit
tle o
r no
visi
ble
evid
ence
of s
uch
inte
rven
tion
in th
e in
form
atio
n sy
stem
s.
14c
Mov
ed to
redr
afte
d IS
A 2
40, a
s tha
t IS
A d
eals
with
risk
of m
anag
emen
t ov
errid
e of
con
trols
.
87.
The
audi
tor a
lso
unde
rsta
nds h
ow th
e in
corr
ect p
roce
ssin
g of
tran
sact
ions
is re
solv
ed, f
or e
xam
ple,
whe
ther
ther
e is
an
auto
mat
ed su
spen
se fi
le a
nd h
ow it
is u
sed
by th
e en
tity
to e
nsur
e th
at su
spen
se it
ems a
re c
lear
ed o
ut o
n a
timel
y ba
sis,
and
how
syst
em o
verr
ides
or b
ypas
ses t
o co
ntro
ls a
re p
roce
ssed
and
acc
ount
ed fo
r.
14c
and
A75
88.
The
audi
tor o
btai
ns a
n un
ders
tand
ing
of th
e en
tity’
s inf
orm
atio
n sy
stem
rele
vant
to fi
nanc
ial r
epor
ting
in a
man
ner t
hat i
s ap
prop
riate
to th
e en
tity’
s circ
umst
ance
s. Th
is in
clud
es o
btai
ning
an
unde
rsta
ndin
g of
how
tran
sact
ions
orig
inat
e w
ithin
the
entit
y’s b
usin
ess p
roce
sses
. An
entit
y’s b
usin
ess p
roce
sses
are
the
activ
ities
des
igne
d to
dev
elop
, pur
chas
e, p
rodu
ce, s
ell a
nd
dist
ribut
e an
ent
ity’s
pro
duct
s and
serv
ices
; ens
ure
com
plia
nce
with
law
s and
regu
latio
ns; a
nd re
cord
info
rmat
ion,
incl
udin
g ac
coun
ting
and
finan
cial
repo
rting
info
rmat
ion.
A79
N
ote:
Par
agra
ph h
as b
een
redr
afte
d.
89.
The
aud
itor
shou
ld u
nder
stan
d ho
w th
e en
tity
com
mun
icat
es fi
nanc
ial r
epor
ting
role
s and
res
pons
ibili
ties a
nd
sign
ifica
nt m
atte
rs r
elat
ing
to fi
nanc
ial r
epor
ting.
C
omm
unic
atio
n in
volv
es p
rovi
ding
an
unde
rsta
ndin
g of
indi
vidu
al ro
les a
nd re
spon
sibi
litie
s per
tain
ing
to in
tern
al c
ontro
l ov
er fi
nanc
ial r
epor
ting
and
may
take
such
form
s as p
olic
y m
anua
ls a
nd fi
nanc
ial r
epor
ting
man
uals
. It i
nclu
des t
he e
xten
t to
whi
ch p
erso
nnel
und
erst
and
how
thei
r act
iviti
es in
the
finan
cial
repo
rting
info
rmat
ion
syst
em re
late
to th
e w
ork
of o
ther
s and
th
e m
eans
of r
epor
ting
exce
ptio
ns to
an
appr
opria
te h
ighe
r lev
el w
ithin
the
entit
y. O
pen
com
mun
icat
ion
chan
nels
hel
p en
sure
th
at e
xcep
tions
are
repo
rted
and
acte
d on
.
14d
A80
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·175
1
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 3
5 of
56
The
audi
tor’s
und
erst
andi
ng o
f com
mun
icat
ion
perta
inin
g to
fina
ncia
l rep
ortin
g m
atte
rs a
lso
incl
udes
com
mun
icat
ions
be
twee
n m
anag
emen
t and
thos
e ch
arge
d w
ith g
over
nanc
e, p
artic
ular
ly th
e au
dit c
omm
ittee
, as w
ell a
s ext
erna
l co
mm
unic
atio
ns su
ch a
s tho
se w
ith re
gula
tory
aut
horit
ies.
14d
Con
trol A
ctiv
ities
90.
The
aud
itor
shou
ld o
btai
n a
suff
icie
nt u
nder
stan
ding
of c
ontr
ol a
ctiv
ities
to a
sses
s the
ris
ks o
f mat
eria
l mis
stat
emen
t at
the
asse
rtio
n le
vel a
nd to
des
ign
furt
her
audi
t pro
cedu
res r
espo
nsiv
e to
ass
esse
d ri
sks.
C
ontro
l act
iviti
es a
re th
e po
licie
s and
pro
cedu
res t
hat h
elp
ensu
re th
at m
anag
emen
t dire
ctiv
es a
re c
arrie
d ou
t; fo
r exa
mpl
e,
that
nec
essa
ry a
ctio
ns a
re ta
ken
to a
ddre
ss ri
sks t
hat t
hrea
ten
the
achi
evem
ent o
f the
ent
ity’s
obj
ectiv
es. C
ontro
l act
iviti
es,
whe
ther
with
in IT
or m
anua
l sys
tem
s, ha
ve v
ario
us o
bjec
tives
and
are
app
lied
at v
ario
us o
rgan
izat
iona
l and
func
tiona
l lev
els.
Ex
ampl
es o
f spe
cific
con
trol a
ctiv
ities
incl
ude
thos
e re
latin
g to
the
follo
win
g:
• A
utho
rizat
ion.
•
Perf
orm
ance
revi
ews.
• In
form
atio
n pr
oces
sing
. •
Phys
ical
con
trols
. •
Segr
egat
ion
of d
utie
s.
14e
A81
Not
e: B
old
type
sent
ence
has
bee
n re
draf
ted.
91.
In o
btai
ning
an
unde
rsta
ndin
g of
con
trol a
ctiv
ities
, the
aud
itor’s
prim
ary
cons
ider
atio
n is
whe
ther
, and
how
, a sp
ecifi
c co
ntro
l ac
tivity
, ind
ivid
ually
or i
n co
mbi
natio
n w
ith o
ther
s, pr
even
ts, o
r det
ects
and
cor
rect
s, m
ater
ial m
isst
atem
ents
in c
lass
es o
f tra
nsac
tions
, acc
ount
bal
ance
s, or
dis
clos
ures
.
Con
trol a
ctiv
ities
rele
vant
to th
e au
dit a
re th
ose
for w
hich
the
audi
tor c
onsi
ders
it n
eces
sary
to o
btai
n an
und
erst
andi
ng in
or
der t
o as
sess
risk
s of m
ater
ial m
isst
atem
ent a
t the
ass
ertio
n le
vel a
nd to
des
ign
and
perf
orm
furth
er a
udit
proc
edur
es
resp
onsi
ve to
the
asse
ssed
risk
s. A
n au
dit d
oes n
ot re
quire
an
unde
rsta
ndin
g of
all
the
cont
rol a
ctiv
ities
rela
ted
to e
ach
sign
ifica
nt c
lass
of t
rans
actio
ns, a
ccou
nt b
alan
ce, a
nd d
iscl
osur
e in
the
finan
cial
stat
emen
ts o
r to
ever
y as
serti
on re
leva
nt to
th
em. T
he a
udito
r’s e
mph
asis
is o
n id
entif
ying
and
obt
aini
ng a
n un
ders
tand
ing
of c
ontro
l act
iviti
es th
at a
ddre
ss th
e ar
eas
whe
re th
e au
dito
r con
side
rs th
at m
ater
ial m
isst
atem
ents
are
mor
e lik
ely
to o
ccur
. Whe
n m
ultip
le c
ontro
l act
iviti
es a
chie
ve th
e sa
me
obje
ctiv
e, it
is u
nnec
essa
ry to
obt
ain
an u
nder
stan
ding
of e
ach
of th
e co
ntro
l act
iviti
es re
late
d to
such
obj
ectiv
e.
12
14e
Rep
etiti
ve o
f the
abo
ve.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·175
2
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 3
6 of
56
92.
The
audi
tor c
onsi
ders
the
know
ledg
e ab
out t
he p
rese
nce
or a
bsen
ce o
f con
trol a
ctiv
ities
obt
aine
d fr
om th
e un
ders
tand
ing
of
the
othe
r com
pone
nts o
f int
erna
l con
trol i
n de
term
inin
g w
heth
er it
is n
eces
sary
to d
evot
e ad
ditio
nal a
ttent
ion
to o
btai
ning
an
unde
rsta
ndin
g of
con
trol a
ctiv
ities
. In
cons
ider
ing
whe
ther
con
trol a
ctiv
ities
are
rele
vant
to th
e au
dit,
the
audi
tor c
onsi
ders
the
risks
the
audi
tor h
as id
entif
ied
that
may
giv
e ris
e to
mat
eria
l mis
stat
emen
t. A
lso,
con
trol a
ctiv
ities
are
rele
vant
to th
e au
dit i
f th
e au
dito
r is r
equi
red
to e
valu
ate
them
as d
iscu
ssed
in p
arag
raph
s 113
and
115
.
A82
-A
83
Rep
etiti
ve o
f mat
eria
l in
new
par
a.
12.
93.
The
aud
itor
shou
ld o
btai
n an
und
erst
andi
ng o
f how
the
entit
y ha
s res
pond
ed to
ris
ks a
risi
ng fr
om IT
. Th
e us
e of
IT a
ffect
s the
way
that
con
trol a
ctiv
ities
are
impl
emen
ted.
The
aud
itor c
onsi
ders
whe
ther
the
entit
y ha
s res
pond
ed
adeq
uate
ly to
the
risks
aris
ing
from
IT b
y es
tabl
ishi
ng e
ffect
ive
gene
ral I
T-co
ntro
ls a
nd a
pplic
atio
n co
ntro
ls. F
rom
the
audi
tor’s
per
spec
tive,
con
trols
ove
r IT
syst
ems a
re e
ffect
ive
whe
n th
ey m
aint
ain
the
inte
grity
of i
nfor
mat
ion
and
the
secu
rity
of th
e da
ta su
ch sy
stem
s pro
cess
.
14e
A84
Not
e: P
arag
raph
has
bee
n re
draf
ted.
94.
Gen
eral
IT-c
ontro
ls a
re p
olic
ies a
nd p
roce
dure
s tha
t rel
ate
to m
any
appl
icat
ions
and
supp
ort t
he e
ffect
ive
func
tioni
ng o
f ap
plic
atio
n co
ntro
ls b
y he
lpin
g to
ens
ure
the
cont
inue
d pr
oper
ope
ratio
n of
info
rmat
ion
syst
ems.
Gen
eral
IT-c
ontro
ls th
at
mai
ntai
n th
e in
tegr
ity o
f inf
orm
atio
n an
d se
curit
y of
dat
a co
mm
only
incl
ude
cont
rols
ove
r the
follo
win
g:
• D
ata
cent
er a
nd n
etw
ork
oper
atio
ns.
• Sy
stem
softw
are
acqu
isiti
on, c
hang
e an
d m
aint
enan
ce.
• A
cces
s sec
urity
. •
App
licat
ion
syst
em a
cqui
sitio
n, d
evel
opm
ent,
and
mai
nten
ance
.
Th
ey a
re g
ener
ally
impl
emen
ted
to d
eal w
ith th
e ris
ks re
ferr
ed to
in p
arag
raph
60
abov
e.
A85
95.
App
licat
ion
cont
rols
are
man
ual o
r aut
omat
ed p
roce
dure
s tha
t typ
ical
ly o
pera
te a
t a b
usin
ess p
roce
ss le
vel.
App
licat
ion
cont
rols
can
be
prev
enta
tive
or d
etec
tive
in n
atur
e an
d ar
e de
sign
ed to
ens
ure
the
inte
grity
of t
he a
ccou
ntin
g re
cord
s. A
ccor
ding
ly, a
pplic
atio
n co
ntro
ls re
late
to p
roce
dure
s use
d to
initi
ate,
reco
rd, p
roce
ss a
nd re
port
trans
actio
ns o
r oth
er
finan
cial
dat
a. T
hese
con
trols
hel
p en
sure
that
tran
sact
ions
occ
urre
d, a
re a
utho
rized
, and
are
com
plet
ely
and
accu
rate
ly
reco
rded
and
pro
cess
ed. E
xam
ples
incl
ude
edit
chec
ks o
f inp
ut d
ata,
and
num
eric
al se
quen
ce c
heck
s with
man
ual f
ollo
w-u
p of
ex
cept
ion
repo
rts o
r cor
rect
ion
at th
e po
int o
f dat
a en
try.
A86
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·175
3
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 3
7 of
56
Mon
itorin
g of
Con
trols
96.
The
aud
itor
shou
ld o
btai
n an
und
erst
andi
ng o
f the
maj
or ty
pes o
f act
iviti
es th
at th
e en
tity
uses
to m
onito
r in
tern
al
cont
rol o
ver
finan
cial
rep
ortin
g, in
clud
ing
thos
e re
late
d to
thos
e co
ntro
l act
iviti
es r
elev
ant t
o th
e au
dit,
and
how
the
entit
y in
itiat
es c
orre
ctiv
e ac
tions
to it
s con
trol
s.
14f
97.
Mon
itorin
g of
con
trols
is a
pro
cess
to a
sses
s the
effe
ctiv
enes
s of i
nter
nal c
ontro
l per
form
ance
ove
r tim
e. It
invo
lves
ass
essi
ng
the
desi
gn a
nd o
pera
tion
of c
ontro
ls o
n a
timel
y ba
sis a
nd ta
king
nec
essa
ry c
orre
ctiv
e ac
tions
mod
ified
for c
hang
es in
co
nditi
ons.
Man
agem
ent a
ccom
plis
hes m
onito
ring
of c
ontro
ls th
roug
h on
goin
g ac
tiviti
es, s
epar
ate
eval
uatio
ns, o
r a
com
bina
tion
of th
e tw
o. O
ngoi
ng m
onito
ring
activ
ities
are
ofte
n bu
ilt in
to th
e no
rmal
recu
rrin
g ac
tiviti
es o
f an
entit
y an
d in
clud
e re
gula
r man
agem
ent a
nd su
perv
isor
y ac
tiviti
es.
A87
98.
In m
any
entit
ies,
inte
rnal
aud
itors
or p
erso
nnel
per
form
ing
sim
ilar f
unct
ions
con
tribu
te to
the
mon
itorin
g of
an
entit
y’s
activ
ities
. See
ISA
610
, “C
onsi
derin
g th
e W
ork
of In
tern
al A
uditi
ng”
for a
dditi
onal
gui
danc
e. M
anag
emen
t’s m
onito
ring
activ
ities
may
als
o in
clud
e us
ing
info
rmat
ion
from
com
mun
icat
ions
from
ext
erna
l par
ties s
uch
as c
usto
mer
com
plai
nts a
nd
regu
lato
r com
men
ts th
at m
ay in
dica
te p
robl
ems o
r hig
hlig
ht a
reas
in n
eed
of im
prov
emen
t.
A89
99.
Muc
h of
the
info
rmat
ion
used
in m
onito
ring
may
be
prod
uced
by
the
entit
y’s i
nfor
mat
ion
syst
em. I
f man
agem
ent a
ssum
es th
at
data
use
d fo
r mon
itorin
g ar
e ac
cura
te w
ithou
t hav
ing
a ba
sis f
or th
at a
ssum
ptio
n, e
rror
s may
exi
st in
the
info
rmat
ion,
po
tent
ially
lead
ing
man
agem
ent t
o in
corr
ect c
oncl
usio
ns fr
om it
s mon
itorin
g ac
tiviti
es. T
he a
udito
r obt
ains
an
unde
rsta
ndin
g of
the
sour
ces o
f the
info
rmat
ion
rela
ted
to th
e en
tity’
s mon
itorin
g ac
tiviti
es, a
nd th
e ba
sis u
pon
whi
ch m
anag
emen
t con
side
rs
the
info
rmat
ion
to b
e su
ffici
ently
relia
ble
for t
he p
urpo
se.
W
hen
the
audi
tor i
nten
ds to
mak
e us
e of
the
entit
y’s i
nfor
mat
ion
prod
uced
for m
onito
ring
activ
ities
, suc
h as
inte
rnal
aud
itor’s
re
ports
, the
aud
itor c
onsi
ders
whe
ther
the
info
rmat
ion
prov
ides
a re
liabl
e ba
sis a
nd is
suffi
cien
tly d
etai
led
for t
he a
udito
r’s
purp
ose.
14f
and
A90
To
be
posi
tione
d in
red
rafte
d IS
A
500.
Ass
essi
ng th
e R
isks
of M
ater
ial M
isst
atem
ent
100.
T
he a
udito
r sh
ould
iden
tify
and
asse
ss th
e ri
sks o
f mat
eria
l mis
stat
emen
t at t
he fi
nanc
ial s
tate
men
t lev
el, a
nd a
t the
as
sert
ion
leve
l for
cla
sses
of t
rans
actio
ns, a
ccou
nt b
alan
ces,
and
disc
losu
res.
15
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·175
4
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 3
8 of
56
For t
his p
urpo
se, t
he a
udito
r: •
Iden
tifie
s ris
ks th
roug
hout
the
proc
ess o
f obt
aini
ng a
n un
ders
tand
ing
of th
e en
tity
and
its e
nviro
nmen
t, in
clud
ing
rele
vant
con
trols
that
rela
te to
the
risks
, and
by
cons
ider
ing
the
clas
ses o
f tra
nsac
tions
, acc
ount
bal
ance
s, an
d di
sclo
sure
s in
the
finan
cial
stat
emen
ts;
• R
elat
es th
e id
entif
ied
risks
to w
hat c
an g
o w
rong
at t
he a
sser
tion
leve
l; •
Con
side
rs w
heth
er th
e ris
ks a
re o
f a m
agni
tude
that
cou
ld re
sult
in a
mat
eria
l mis
stat
emen
t of t
he fi
nanc
ial s
tate
men
ts;
and
• C
onsi
ders
the
likel
ihoo
d th
at th
e ris
ks c
ould
resu
lt in
a m
ater
ial m
isst
atem
ent o
f the
fina
ncia
l sta
tem
ents
.
16
101.
Th
e au
dito
r use
s inf
orm
atio
n ga
ther
ed b
y pe
rfor
min
g ris
k as
sess
men
t pro
cedu
res,
incl
udin
g th
e au
dit e
vide
nce
obta
ined
in
eval
uatin
g th
e de
sign
of c
ontro
ls a
nd d
eter
min
ing
whe
ther
they
hav
e be
en im
plem
ente
d, a
s aud
it ev
iden
ce to
supp
ort t
he ri
sk
asse
ssm
ent.
The
audi
tor u
ses t
he ri
sk a
sses
smen
t to
dete
rmin
e th
e na
ture
, tim
ing,
and
ext
ent o
f fur
ther
aud
it pr
oced
ures
to b
e pe
rfor
med
.
A91
N
ote:
Pa
ragr
aph
has
been
re
draf
ted
to r
emov
e th
e pr
esen
t te
nse.
102.
Th
e au
dito
r det
erm
ines
whe
ther
the
iden
tifie
d ris
ks o
f mat
eria
l mis
stat
emen
t rel
ate
to sp
ecifi
c cl
asse
s of t
rans
actio
ns, a
ccou
nt
bala
nces
, and
dis
clos
ures
and
rela
ted
asse
rtion
s, or
whe
ther
they
rela
te m
ore
perv
asiv
ely
to th
e fin
anci
al st
atem
ents
as a
who
le
and
pote
ntia
lly a
ffect
man
y as
serti
ons.
The
latte
r ris
ks (r
isks
at t
he fi
nanc
ial s
tate
men
t lev
el) m
ay d
eriv
e in
par
ticul
ar fr
om a
w
eak
cont
rol e
nviro
nmen
t.
A96
N
ote:
Fi
rst
sent
ence
ha
s be
en
redr
afte
d to
rem
ove
the
pres
ent
tens
e.
103.
Th
e na
ture
of t
he ri
sks a
risin
g fr
om a
wea
k co
ntro
l env
ironm
ent i
s suc
h th
at th
ey a
re n
ot li
kely
to b
e co
nfin
ed to
spec
ific
indi
vidu
al ri
sks o
f mat
eria
l mis
stat
emen
t in
parti
cula
r cla
sses
of t
rans
actio
ns, a
ccou
nt b
alan
ces,
and
disc
losu
res.
Rat
her,
wea
knes
ses s
uch
as m
anag
emen
t’s la
ck o
f com
pete
nce
may
hav
e a
mor
e pe
rvas
ive
effe
ct o
n th
e fin
anci
al st
atem
ents
and
may
re
quire
an
over
all r
espo
nse
by th
e au
dito
r.
A96
N
ote:
Pa
ragr
aph
has
been
re
draf
ted.
104.
In
mak
ing
risk
asse
ssm
ents
, the
aud
itor m
ay id
entif
y th
e co
ntro
ls th
at a
re li
kely
to p
reve
nt, o
r det
ect a
nd c
orre
ct, m
ater
ial
mis
stat
emen
t in
spec
ific
asse
rtion
s. G
ener
ally
, the
aud
itor g
ains
an
unde
rsta
ndin
g of
con
trols
and
rela
tes t
hem
to a
sser
tions
in
the
cont
ext o
f pro
cess
es a
nd sy
stem
s in
whi
ch th
ey e
xist
. Doi
ng so
is u
sefu
l bec
ause
indi
vidu
al c
ontro
l act
iviti
es o
ften
do n
ot
in th
emse
lves
add
ress
a ri
sk. O
ften
only
mul
tiple
con
trol a
ctiv
ities
, tog
ethe
r with
oth
er e
lem
ents
of i
nter
nal c
ontro
l, w
ill b
e su
ffici
ent t
o ad
dres
s a ri
sk.
A93
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·175
5
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 3
9 of
56
105.
C
onve
rsel
y, so
me
cont
rol a
ctiv
ities
may
hav
e a
spec
ific
effe
ct o
n an
indi
vidu
al a
sser
tion
embo
died
in a
par
ticul
ar c
lass
of
trans
actio
ns o
r acc
ount
bal
ance
. For
exa
mpl
e, th
e co
ntro
l act
iviti
es th
at a
n en
tity
esta
blis
hed
to e
nsur
e th
at it
s per
sonn
el a
re
prop
erly
cou
ntin
g an
d re
cord
ing
the
annu
al p
hysi
cal i
nven
tory
rela
te d
irect
ly to
the
exis
tenc
e an
d co
mpl
eten
ess a
sser
tions
for
the
inve
ntor
y ac
coun
t bal
ance
.
A94
106.
C
ontro
ls c
an b
e ei
ther
dire
ctly
or i
ndire
ctly
rela
ted
to a
n as
serti
on. T
he m
ore
indi
rect
the
rela
tions
hip,
the
less
effe
ctiv
e th
at
cont
rol m
ay b
e in
pre
vent
ing,
or d
etec
ting
and
corr
ectin
g, m
isst
atem
ents
in th
at a
sser
tion.
For
exa
mpl
e, a
sale
s man
ager
’s
revi
ew o
f a su
mm
ary
of sa
les a
ctiv
ity fo
r spe
cific
stor
es b
y re
gion
ord
inar
ily is
onl
y in
dire
ctly
rela
ted
to th
e co
mpl
eten
ess
asse
rtion
for s
ales
reve
nue.
Acc
ordi
ngly
, it m
ay b
e le
ss e
ffect
ive
in re
duci
ng ri
sk fo
r tha
t ass
ertio
n th
an c
ontro
ls m
ore
dire
ctly
re
late
d to
that
ass
ertio
n, su
ch a
s mat
chin
g sh
ippi
ng d
ocum
ents
with
bill
ing
docu
men
ts.
A95
107.
Th
e au
dito
r’s u
nder
stan
ding
of i
nter
nal c
ontro
l may
rais
e do
ubts
abo
ut th
e au
dita
bilit
y of
an
entit
y’s f
inan
cial
stat
emen
ts.
Con
cern
s abo
ut th
e in
tegr
ity o
f the
ent
ity’s
man
agem
ent m
ay b
e so
serio
us a
s to
caus
e th
e au
dito
r to
conc
lude
that
the
risk
of
man
agem
ent m
isre
pres
enta
tion
in th
e fin
anci
al st
atem
ents
is su
ch th
at a
n au
dit c
anno
t be
cond
ucte
d. A
lso,
con
cern
s abo
ut th
e co
nditi
on a
nd re
liabi
lity
of a
n en
tity’
s rec
ords
may
cau
se th
e au
dito
r to
conc
lude
that
it is
unl
ikel
y th
at su
ffici
ent a
ppro
pria
te
audi
t evi
denc
e w
ill b
e av
aila
ble
to su
ppor
t an
unqu
alifi
ed o
pini
on o
n th
e fin
anci
al st
atem
ents
. In
such
circ
umst
ance
s, th
e au
dito
r con
side
rs a
qua
lific
atio
n or
dis
clai
mer
of o
pini
on, b
ut in
som
e ca
ses t
he a
udito
r’s o
nly
reco
urse
may
be
to w
ithdr
aw
from
the
enga
gem
ent.
A97
Not
e:
Last
se
nten
ce
has
been
re
draf
ted.
SIG
NIF
ICAN
T RI
SKS
THAT
REQ
UIR
E SP
ECIA
L AU
DIT
CO
NSI
DER
ATIO
N
108.
A
s par
t of t
he r
isk
asse
ssm
ent a
s des
crib
ed in
par
agra
ph 1
00, t
he a
udito
r sh
ould
det
erm
ine
whi
ch o
f the
ris
ks
iden
tifie
d ar
e, in
the
audi
tor’
s jud
gmen
t, ri
sks t
hat r
equi
re sp
ecia
l aud
it co
nsid
erat
ion
(suc
h ri
sks a
re d
efin
ed a
s “s
igni
fican
t ris
ks”)
. In
add
ition
, ISA
330
, par
agra
phs 4
4 an
d 51
des
crib
e th
e co
nseq
uenc
es fo
r fur
ther
aud
it pr
oced
ures
of i
dent
ifyin
g a
risk
as
sign
ifica
nt.
17
A10
0
109.
Th
e de
term
inat
ion
of si
gnifi
cant
risk
s, w
hich
aris
e on
mos
t aud
its, i
s a m
atte
r for
the
audi
tor’s
pro
fess
iona
l jud
gmen
t. In
ex
erci
sing
this
judg
men
t, th
e au
dito
r exc
lude
s the
effe
ct o
f ide
ntifi
ed c
ontro
ls re
late
d to
the
risk
to d
eter
min
e w
heth
er th
e na
ture
of t
he ri
sk, t
he li
kely
mag
nitu
de o
f the
pot
entia
l mis
stat
emen
t inc
ludi
ng th
e po
ssib
ility
that
the
risk
may
giv
e ris
e to
18
Rep
etiti
ve o
f the
gui
danc
e in
ext
ant
para
. 100
.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·175
6
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 4
0 of
56
mul
tiple
mis
stat
emen
ts, a
nd th
e lik
elih
ood
of th
e ris
k oc
curr
ing
are
such
that
they
requ
ire sp
ecia
l aud
it co
nsid
erat
ion.
Rou
tine,
non
-com
plex
tran
sact
ions
that
are
subj
ect t
o sy
stem
atic
pro
cess
ing
are
less
like
ly to
giv
e ris
e to
sign
ifica
nt ri
sks
beca
use
they
hav
e lo
wer
inhe
rent
risk
s. O
n th
e ot
her h
and,
sign
ifica
nt ri
sks a
re o
ften
deriv
ed fr
om b
usin
ess r
isks
that
may
re
sult
in a
mat
eria
l mis
stat
emen
t.
In c
onsi
derin
g th
e na
ture
of t
he ri
sks,
the
audi
tor c
onsi
ders
a n
umbe
r of m
atte
rs, i
nclu
ding
the
follo
win
g:
• W
heth
er th
e ris
k is
a ri
sk o
f fra
ud.
• W
heth
er th
e ris
k is
rela
ted
to re
cent
sign
ifica
nt e
cono
mic
, acc
ount
ing
or o
ther
dev
elop
men
ts a
nd, t
here
fore
, req
uire
s sp
ecifi
c at
tent
ion.
•
The
com
plex
ity o
f tra
nsac
tions
. •
Whe
ther
the
risk
invo
lves
sign
ifica
nt tr
ansa
ctio
ns w
ith re
late
d pa
rties
. •
The
degr
ee o
f sub
ject
ivity
in th
e m
easu
rem
ent o
f fin
anci
al in
form
atio
n re
late
d to
the
risk
espe
cial
ly th
ose
invo
lvin
g a
wid
e ra
nge
of m
easu
rem
ent u
ncer
tain
ty.
• W
heth
er th
e ris
k in
volv
es si
gnifi
cant
tran
sact
ions
that
are
out
side
the
norm
al c
ours
e of
bus
ines
s for
the
entit
y, o
r tha
t ot
herw
ise
appe
ar to
be
unus
ual.
19
19
110.
Si
gnifi
cant
risk
s ofte
n re
late
to si
gnifi
cant
non
-rou
tine
trans
actio
ns a
nd ju
dgm
enta
l mat
ters
. Non
-rou
tine
trans
actio
ns a
re
trans
actio
ns th
at a
re u
nusu
al, e
ither
due
to si
ze o
r nat
ure,
and
that
ther
efor
e oc
cur i
nfre
quen
tly. J
udgm
enta
l mat
ters
may
in
clud
e th
e de
velo
pmen
t of a
ccou
ntin
g es
timat
es fo
r whi
ch th
ere
is si
gnifi
cant
mea
sure
men
t unc
erta
inty
.
A98
111.
R
isks
of m
ater
ial m
isst
atem
ent m
ay b
e gr
eate
r for
risk
s rel
atin
g to
sign
ifica
nt n
on-r
outin
e tra
nsac
tions
aris
ing
from
mat
ters
su
ch a
s the
follo
win
g:
• G
reat
er m
anag
emen
t int
erve
ntio
n to
spec
ify th
e ac
coun
ting
treat
men
t. •
Gre
ater
man
ual i
nter
vent
ion
for d
ata
colle
ctio
n an
d pr
oces
sing
. •
Com
plex
cal
cula
tions
or a
ccou
ntin
g pr
inci
ples
. •
The
natu
re o
f non
-rou
tine
trans
actio
ns, w
hich
may
mak
e it
diffi
cult
for t
he e
ntity
to im
plem
ent e
ffect
ive
cont
rols
ove
r th
e ris
ks.
A99
112.
R
isks
of m
ater
ial m
isst
atem
ent m
ay b
e gr
eate
r for
risk
s rel
atin
g to
sign
ifica
nt ju
dgm
enta
l mat
ters
that
requ
ire th
e de
velo
pmen
t of
acc
ount
ing
estim
ates
, aris
ing
from
mat
ters
such
as t
he fo
llow
ing:
A
100
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·175
7
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 4
1 of
56
• A
ccou
ntin
g pr
inci
ples
for a
ccou
ntin
g es
timat
es o
r rev
enue
reco
gniti
on m
ay b
e su
bjec
t to
diffe
ring
inte
rpre
tatio
n.
• R
equi
red
judg
men
t may
be
subj
ectiv
e, c
ompl
ex o
r req
uire
ass
umpt
ions
abo
ut th
e ef
fect
s of f
utur
e ev
ents
, for
exa
mpl
e,
judg
men
t abo
ut fa
ir va
lue.
11
3.
For
sign
ifica
nt r
isks
, to
the
exte
nt th
e au
dito
r ha
s not
alr
eady
don
e so
, the
aud
itor
shou
ld e
valu
ate
the
desi
gn o
f the
en
tity’
s rel
ated
con
trol
s, in
clud
ing
rele
vant
con
trol
act
iviti
es, a
nd d
eter
min
e w
heth
er th
ey h
ave
been
impl
emen
ted.
An
unde
rsta
ndin
g of
the
entit
y’s c
ontro
ls re
late
d to
sign
ifica
nt ri
sks i
s req
uire
d to
pro
vide
the
audi
tor w
ith a
dequ
ate
info
rmat
ion
to d
evel
op a
n ef
fect
ive
audi
t app
roac
h. M
anag
emen
t oug
ht to
be
awar
e of
sign
ifica
nt ri
sks;
how
ever
, ris
ks re
latin
g to
si
gnifi
cant
non
-rou
tine
or ju
dgm
enta
l mat
ters
are
ofte
n le
ss li
kely
to b
e su
bjec
t to
rout
ine
cont
rols
. Th
eref
ore,
the
audi
tor’s
und
erst
andi
ng o
f whe
ther
the
entit
y ha
s des
igne
d an
d im
plem
ente
d co
ntro
ls fo
r suc
h si
gnifi
cant
risk
s in
clud
es w
heth
er a
nd h
ow m
anag
emen
t res
pond
s to
the
risks
and
whe
ther
con
trol a
ctiv
ities
such
as a
revi
ew o
f ass
umpt
ions
by
seni
or m
anag
emen
t or e
xper
ts, f
orm
al p
roce
sses
for e
stim
atio
ns o
r app
rova
l by
thos
e ch
arge
d w
ith g
over
nanc
e ha
ve b
een
impl
emen
ted
to a
ddre
ss th
e ris
ks. F
or e
xam
ple,
whe
re th
ere
are
one-
off e
vent
s suc
h as
the
rece
ipt o
f not
ice
of a
sign
ifica
nt
law
suit,
con
side
ratio
n of
the
entit
y’s r
espo
nse
will
incl
ude
such
mat
ters
as w
heth
er it
has
bee
n re
ferr
ed to
app
ropr
iate
exp
erts
(suc
h as
inte
rnal
or e
xter
nal l
egal
cou
nsel
), w
heth
er a
n as
sess
men
t has
bee
n m
ade
of th
e po
tent
ial e
ffect
, and
how
it is
pr
opos
ed th
at th
e ci
rcum
stan
ces a
re to
be
disc
lose
d in
the
finan
cial
stat
emen
ts.
20
A10
2
Not
e: B
old
type
sen
tenc
e ha
s be
en
redr
afte
d.
114.
If
man
agem
ent h
as n
ot a
ppro
pria
tely
resp
onde
d by
impl
emen
ting
cont
rols
ove
r sig
nific
ant r
isks
and
if, a
s a re
sult,
the
audi
tor
judg
es th
at th
ere
is a
mat
eria
l wea
knes
s in
the
entit
y’s i
nter
nal c
ontro
l, th
e au
dito
r com
mun
icat
es th
is m
atte
r to
thos
e ch
arge
d w
ith g
over
nanc
e as
requ
ired
by p
arag
raph
120
. In
thes
e ci
rcum
stan
ces,
the
audi
tor a
lso
cons
ider
s the
impl
icat
ions
for t
he
audi
tor’s
risk
ass
essm
ent.
A10
3 N
ote:
Pa
ragr
aph
has
been
re
draf
ted.
RISK
S FO
R W
HIC
H S
UBS
TAN
TIVE
PRO
CED
URE
S AL
ON
E D
O N
OT
PRO
VID
E SU
FFIC
IEN
T AP
PRO
PRIA
TE A
UD
IT E
VID
ENC
E
115.
A
s par
t of t
he r
isk
asse
ssm
ent a
s des
crib
ed in
par
agra
ph 1
00, t
he a
udito
r sh
ould
eva
luat
e th
e de
sign
and
det
erm
ine
the
impl
emen
tatio
n of
the
entit
y’s c
ontr
ols,
incl
udin
g re
leva
nt c
ontr
ol a
ctiv
ities
, ove
r th
ose
risk
s for
whi
ch, i
n th
e au
dito
r’s
judg
men
t, it
is n
ot p
ossi
ble
or p
ract
icab
le to
red
uce
the
risk
s of m
ater
ial m
isst
atem
ent a
t the
ass
ertio
n le
vel t
o an
ac
cept
ably
low
leve
l with
aud
it ev
iden
ce o
btai
ned
only
from
subs
tant
ive
proc
edur
es.
The
cons
eque
nces
for f
urth
er a
udit
proc
edur
es o
f ide
ntify
ing
such
risk
s are
des
crib
ed in
par
agra
ph 2
5 of
ISA
330
.
21
A10
5
Not
e: B
old
type
sen
tenc
e ha
s be
en
redr
afte
d.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·175
8
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 4
2 of
56
116.
Th
e un
ders
tand
ing
of th
e en
tity’
s inf
orm
atio
n sy
stem
rele
vant
to fi
nanc
ial r
epor
ting
enab
les t
he a
udito
r to
iden
tify
risks
of
mat
eria
l mis
stat
emen
t tha
t rel
ate
dire
ctly
to th
e re
cord
ing
of ro
utin
e cl
asse
s of t
rans
actio
ns o
r acc
ount
bal
ance
s, an
d th
e pr
epar
atio
n of
relia
ble
finan
cial
stat
emen
ts; t
hese
incl
ude
risks
of i
nacc
urat
e or
inco
mpl
ete
proc
essi
ng. O
rdin
arily
, suc
h ris
ks
rela
te to
sign
ifica
nt c
lass
es o
f tra
nsac
tions
such
as a
n en
tity’
s rev
enue
, pur
chas
es, a
nd c
ash
rece
ipts
or c
ash
paym
ents
.
21
Unn
eces
sary
giv
en th
e re
quir
emen
t in
exta
nt p
ara.
115
an
d th
e gu
idan
ce in
ext
ant p
ara.
11
7.
117.
Th
e ch
arac
teris
tics o
f rou
tine
day-
to-d
ay b
usin
ess t
rans
actio
ns o
ften
perm
it hi
ghly
aut
omat
ed p
roce
ssin
g w
ith li
ttle
or n
o m
anua
l int
erve
ntio
n. In
such
circ
umst
ance
s, it
may
not
be
poss
ible
to p
erfo
rm o
nly
subs
tant
ive
proc
edur
es in
rela
tion
to th
e ris
k. F
or e
xam
ple,
in c
ircum
stan
ces w
here
a si
gnifi
cant
am
ount
of a
n en
tity’
s inf
orm
atio
n is
initi
ated
, rec
orde
d, p
roce
ssed
, or
repo
rted
elec
troni
cally
such
as i
n an
inte
grat
ed sy
stem
, the
aud
itor m
ay d
eter
min
e th
at it
is n
ot p
ossi
ble
to d
esig
n ef
fect
ive
subs
tant
ive
proc
edur
es th
at b
y th
emse
lves
wou
ld p
rovi
de su
ffici
ent a
ppro
pria
te a
udit
evid
ence
that
rele
vant
cla
sses
of
trans
actio
ns o
r acc
ount
bal
ance
s, ar
e no
t mat
eria
lly m
isst
ated
. In
such
cas
es, a
udit
evid
ence
may
be
avai
labl
e on
ly in
el
ectro
nic
form
, and
its s
uffic
ienc
y an
d ap
prop
riate
ness
usu
ally
dep
end
on th
e ef
fect
iven
ess o
f con
trols
ove
r its
acc
urac
y an
d co
mpl
eten
ess.
Furth
erm
ore,
the
pote
ntia
l for
impr
oper
initi
atio
n or
alte
ratio
n of
info
rmat
ion
to o
ccur
and
not
be
dete
cted
may
be
gre
ater
if in
form
atio
n is
initi
ated
, rec
orde
d, p
roce
ssed
or r
epor
ted
only
in e
lect
roni
c fo
rm a
nd a
ppro
pria
te c
ontro
ls a
re n
ot
oper
atin
g ef
fect
ivel
y.
A10
4 N
ote:
Th
ird
sent
ence
ha
s be
en
redr
afte
d.
118.
Ex
ampl
es o
f situ
atio
ns w
here
the
audi
tor m
ay fi
nd it
impo
ssib
le to
des
ign
effe
ctiv
e su
bsta
ntiv
e pr
oced
ures
that
by
them
selv
es
prov
ide
suffi
cien
t app
ropr
iate
aud
it ev
iden
ce th
at c
erta
in a
sser
tions
are
not
mat
eria
lly m
isst
ated
incl
ude
the
follo
win
g:
• A
n en
tity
that
con
duct
s its
bus
ines
s usi
ng IT
to in
itiat
e or
ders
for t
he p
urch
ase
and
deliv
ery
of g
oods
bas
ed o
n pr
edet
erm
ined
rule
s of w
hat t
o or
der a
nd in
wha
t qua
ntiti
es a
nd to
pay
the
rela
ted
acco
unts
pay
able
bas
ed o
n sy
stem
-ge
nera
ted
deci
sion
s ini
tiate
d up
on th
e co
nfirm
ed re
ceip
t of g
oods
and
term
s of p
aym
ent.
No
othe
r doc
umen
tatio
n of
or
ders
pla
ced
or g
oods
rece
ived
is p
rodu
ced
or m
aint
aine
d, o
ther
than
thro
ugh
the
IT sy
stem
. •
An
entit
y th
at p
rovi
des s
ervi
ces t
o cu
stom
ers v
ia e
lect
roni
c m
edia
(for
exa
mpl
e, a
n In
tern
et se
rvic
e pr
ovid
er o
r a
tele
com
mun
icat
ions
com
pany
) and
use
s IT
to c
reat
e a
log
of th
e se
rvic
es p
rovi
ded
to it
s cus
tom
ers,
initi
ate
and
proc
ess
its b
illin
gs fo
r the
serv
ices
and
aut
omat
ical
ly re
cord
such
am
ount
s in
elec
troni
c ac
coun
ting
reco
rds t
hat a
re p
art o
f the
sy
stem
use
d to
pro
duce
the
entit
y’s f
inan
cial
stat
emen
ts.
Ex
ampl
es n
ot c
onsi
dere
d ne
cess
ary
to fu
rthe
r co
mm
unic
ate
the
inte
nded
poi
nt.
REVI
SIO
N O
F RI
SK A
SSES
SMEN
T
119.
Th
e au
dito
r’s a
sses
smen
t of t
he ri
sks o
f mat
eria
l mis
stat
emen
t at t
he a
sser
tion
leve
l is b
ased
on
avai
labl
e au
dit e
vide
nce
and
22
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·175
9
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 4
3 of
56
may
cha
nge
durin
g th
e co
urse
of t
he a
udit
as a
dditi
onal
aud
it ev
iden
ce is
obt
aine
d. In
par
ticul
ar, t
he ri
sk a
sses
smen
t may
be
base
d on
an
expe
ctat
ion
that
con
trols
are
ope
ratin
g ef
fect
ivel
y to
pre
vent
, or d
etec
t and
cor
rect
, a m
ater
ial m
isst
atem
ent a
t the
as
serti
on le
vel.
In p
erfo
rmin
g te
sts o
f con
trols
to o
btai
n au
dit e
vide
nce
abou
t the
ir op
erat
ing
effe
ctiv
enes
s, th
e au
dito
r may
ob
tain
aud
it ev
iden
ce th
at c
ontro
ls a
re n
ot o
pera
ting
effe
ctiv
ely
at re
leva
nt ti
mes
dur
ing
the
audi
t. Si
mila
rly, i
n pe
rfor
min
g su
bsta
ntiv
e pr
oced
ures
the
audi
tor m
ay d
etec
t mis
stat
emen
ts in
am
ount
s or f
requ
ency
gre
ater
than
is c
onsi
sten
t with
the
audi
tor’s
risk
ass
essm
ents
. In
circ
umst
ance
s whe
re th
e au
dito
r obt
ains
aud
it ev
iden
ce fr
om p
erfo
rmin
g fu
rther
aud
it pr
oced
ures
that
tend
s to
cont
radi
ct th
e au
dit e
vide
nce
on w
hich
the
audi
tor o
rigin
ally
bas
ed th
e as
sess
men
t, th
e au
dito
r rev
ises
th
e as
sess
men
t and
mod
ifies
the
furth
er p
lann
ed a
udit
proc
edur
es a
ccor
ding
ly. S
ee p
arag
raph
s 66
and
70 o
f ISA
330
for
furth
er g
uida
nce.
A10
6 22
Seco
nd t
hrou
gh f
ourth
sen
tenc
es
have
bee
n re
draf
ted.
Com
mun
icat
ing
With
Tho
se C
harg
ed W
ith G
over
nanc
e an
d M
anag
emen
t
120.
T
he a
udito
r sh
ould
mak
e th
ose
char
ged
with
gov
erna
nce
or m
anag
emen
t aw
are,
as s
oon
as p
ract
icab
le, a
nd a
t an
appr
opri
ate
leve
l of r
espo
nsib
ility
, of m
ater
ial w
eakn
esse
s in
the
desi
gn o
r im
plem
enta
tion
of in
tern
al c
ontr
ol w
hich
ha
ve c
ome
to th
e au
dito
r’s a
tten
tion.
23
Not
e: B
old
type
par
agra
ph h
as
been
re
draf
ted
to
incl
ude
cons
ider
atio
n of
wea
knes
ses
in
inte
rnal
con
trol
perta
inin
g to
the
pr
even
tion
and
dete
ctio
n of
frau
d.
This
ha
s be
en
done
to
pe
rmit
elim
inat
ion
of
the
dupl
icat
ive
requ
irem
ent i
n IS
A 2
40.
121.
If
the a
udito
r ide
ntifi
es ri
sks o
f mat
eria
l mis
stat
emen
t whi
ch th
e ent
ity h
as ei
ther
not
cont
rolle
d, o
r for
whi
ch th
e rel
evan
t con
trol i
s in
adeq
uate
, or i
f in
the
audi
tor’s
judg
men
t the
re is
a m
ater
ial w
eakn
ess i
n th
e en
tity’
s ris
k as
sess
men
t pro
cess
, the
n th
e au
dito
r in
clud
es s
uch
inte
rnal
con
trol
wea
knes
ses
in t
he c
omm
unic
atio
n of
aud
it m
atte
rs o
f go
vern
ance
int
eres
t. Se
e IS
A 2
60,
“Com
mun
icat
ions
of A
udit
Mat
ters
with
Tho
se C
harg
ed w
ith G
over
nanc
e.”
4c
Doc
umen
tatio
n
122.
T
he a
udito
r sh
ould
doc
umen
t:
(a)
The
dis
cuss
ion
amon
g th
e en
gage
men
t tea
m r
egar
ding
the
susc
eptib
ility
of t
he e
ntity
’s fi
nanc
ial s
tate
men
ts to
m
ater
ial m
isst
atem
ent d
ue to
err
or o
r fr
aud,
and
the
sign
ifica
nt d
ecis
ions
rea
ched
; (b
) K
ey e
lem
ents
of t
he u
nder
stan
ding
obt
aine
d re
gard
ing
each
of t
he a
spec
ts o
f the
ent
ity a
nd it
s env
iron
men
t id
entif
ied
in p
arag
raph
20,
incl
udin
g ea
ch o
f the
inte
rnal
con
trol
com
pone
nts i
dent
ified
in p
arag
raph
43,
to
24
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·176
0
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 4
4 of
56
asse
ss th
e ri
sks o
f mat
eria
l mis
stat
emen
t of t
he fi
nanc
ial s
tate
men
ts; t
he so
urce
s of i
nfor
mat
ion
from
whi
ch th
e un
ders
tand
ing
was
obt
aine
d; a
nd th
e ri
sk a
sses
smen
t pro
cedu
res;
(c
) T
he id
entif
ied
and
asse
ssed
ris
ks o
f mat
eria
l mis
stat
emen
t at t
he fi
nanc
ial s
tate
men
t lev
el a
nd a
t the
ass
ertio
n le
vel a
s req
uire
d by
par
agra
ph 1
00; a
nd
(d)
The
ris
ks id
entif
ied
and
rela
ted
cont
rols
eva
luat
ed a
s a r
esul
t of t
he r
equi
rem
ents
in p
arag
raph
s 113
and
115
. 12
3.
The
man
ner i
n w
hich
thes
e m
atte
rs a
re d
ocum
ente
d is
for t
he a
udito
r to
dete
rmin
e us
ing
prof
essi
onal
judg
men
t. In
par
ticul
ar,
the
resu
lts o
f the
risk
ass
essm
ent m
ay b
e do
cum
ente
d se
para
tely
, or m
ay b
e do
cum
ente
d as
par
t of t
he a
udito
r’s
docu
men
tatio
n of
furth
er p
roce
dure
s (se
e pa
ragr
aph
73 o
f ISA
330
for a
dditi
onal
gui
danc
e). E
xam
ples
of c
omm
on te
chni
ques
, us
ed a
lone
or i
n co
mbi
natio
n in
clud
e na
rrat
ive
desc
riptio
ns, q
uest
ionn
aire
s, ch
eck
lists
and
flow
cha
rts. S
uch
tech
niqu
es m
ay
also
be
usef
ul in
doc
umen
ting
the
audi
tor’s
ass
essm
ent o
f the
risk
s of m
ater
ial m
isst
atem
ent a
t the
ove
rall
finan
cial
stat
emen
t an
d as
serti
ons l
evel
. The
form
and
ext
ent o
f thi
s doc
umen
tatio
n is
influ
ence
d by
the
natu
re, s
ize
and
com
plex
ity o
f the
ent
ity
and
its in
tern
al c
ontro
l, av
aila
bilit
y of
info
rmat
ion
from
the
entit
y an
d th
e sp
ecifi
c au
dit m
etho
dolo
gy a
nd te
chno
logy
use
d in
th
e co
urse
of t
he a
udit.
For
exa
mpl
e, d
ocum
enta
tion
of th
e un
ders
tand
ing
of a
com
plex
info
rmat
ion
syst
em in
whi
ch a
larg
e vo
lum
e of
tran
sact
ions
are
ele
ctro
nica
lly in
itiat
ed, r
ecor
ded,
pro
cess
ed, o
r rep
orte
d m
ay in
clud
e flo
wch
arts
, que
stio
nnai
res,
or
deci
sion
tabl
es. F
or a
n in
form
atio
n sy
stem
mak
ing
limite
d or
no
use
of IT
or f
or w
hich
few
tran
sact
ions
are
pro
cess
ed (f
or
exam
ple,
long
-term
deb
t), d
ocum
enta
tion
in th
e fo
rm o
f a m
emor
andu
m m
ay b
e su
ffici
ent.
Ord
inar
ily, t
he m
ore
com
plex
the
entit
y an
d th
e m
ore
exte
nsiv
e th
e au
dit p
roce
dure
s per
form
ed b
y th
e au
dito
r, th
e m
ore
exte
nsiv
e th
e au
dito
r’s d
ocum
enta
tion
will
be.
ISA
230
, “D
ocum
enta
tion”
pro
vide
s gui
danc
e re
gard
ing
docu
men
tatio
n in
the
cont
ext o
f the
aud
it of
fina
ncia
l st
atem
ents
.
A10
8 U
nnec
essa
ry e
xam
ple.
U
nnec
essa
ry e
xam
ple.
124.
Th
is IS
A is
effe
ctiv
e fo
r aud
its o
f fin
anci
al st
atem
ents
for p
erio
ds b
egin
ning
on
or a
fter D
ecem
ber 1
5, 2
004.
2
Pu
blic
Sec
tor
Pers
pect
ive
1.
Whe
n ca
rryi
ng o
ut a
udits
of p
ublic
sect
or e
ntiti
es, t
he a
udito
r tak
es in
to a
ccou
nt th
e le
gisl
ativ
e fr
amew
ork
and
any
othe
r re
leva
nt re
gula
tions
, ord
inan
ces o
r min
iste
rial d
irect
ives
that
affe
ct th
e au
dit m
anda
te a
nd a
ny o
ther
spec
ial a
uditi
ng
requ
irem
ents
. The
refo
re in
obt
aini
ng a
n un
ders
tand
ing
of th
e re
gula
tory
fram
ewor
k as
requ
ired
in p
arag
raph
22
of th
is IS
A,
audi
tors
will
hav
e re
gard
to th
e le
gisl
atio
n an
d pr
oper
aut
horit
y go
vern
ing
the
oper
atio
n of
an
entit
y. S
imila
rly in
resp
ect o
f pa
ragr
aph
30 o
f thi
s ISA
the
audi
tor s
houl
d be
aw
are
that
the
“man
agem
ent o
bjec
tives
” of
pub
lic se
ctor
ent
ities
may
be
influ
ence
d by
con
cern
s reg
ardi
ng p
ublic
acc
ount
abili
ty a
nd m
ay in
clud
e ob
ject
ives
whi
ch h
ave
thei
r sou
rce
in le
gisl
atio
n,
regu
latio
ns, g
over
nmen
t ord
inan
ces,
and
min
iste
rial d
irect
ives
.
A18
an
d A
25
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·176
1
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 4
5 of
56
2.
Para
grap
hs 4
7-53
of t
his I
SA e
xpla
in th
e co
ntro
ls re
leva
nt to
the
audi
t. Pu
blic
sect
or a
udito
rs o
ften
have
add
ition
al
resp
onsi
bilit
ies w
ith re
spec
t to
inte
rnal
con
trols
, for
exa
mpl
e to
repo
rt on
com
plia
nce
with
an
esta
blis
hed
Cod
e of
Pra
ctic
e.
Publ
ic se
ctor
aud
itors
can
als
o ha
ve re
spon
sibi
litie
s to
repo
rt on
the
com
plia
nce
with
legi
slat
ive
auth
oriti
es. T
heir
revi
ew o
f in
tern
al c
ontro
ls m
ay b
e br
oade
r and
mor
e de
taile
d.
A53
3.
Para
grap
hs 1
20 a
nd 1
21 o
f thi
s ISA
dea
ls w
ith c
omm
unic
atio
n of
wea
knes
ses.
Ther
e m
ay b
e ad
ditio
nal c
omm
unic
atio
n or
re
porti
ng re
quire
men
ts fo
r pub
lic se
ctor
aud
itors
. For
exa
mpl
e, in
tern
al c
ontro
l wea
knes
ses m
ay h
ave
to b
e re
porte
d to
the
legi
slat
ure
or o
ther
gov
erni
ng b
ody.
A10
7
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·176
2
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 4
6 of
56
App
endi
x 1:
Und
erst
andi
ng th
e E
ntity
and
Its E
nvir
onm
ent
This
app
endi
x pr
ovid
es a
dditi
onal
gui
danc
e on
mat
ters
the
audi
tor m
ay c
onsi
der w
hen
obta
inin
g an
und
erst
andi
ng o
f the
indu
stry
, re
gula
tory
, and
oth
er e
xter
nal f
acto
rs th
at a
ffec
t the
ent
ity, i
nclu
ding
the
appl
icab
le fi
nanc
ial r
epor
ting
fram
ewor
k; th
e na
ture
of t
he
entit
y; o
bjec
tives
and
stra
tegi
es a
nd re
late
d bu
sine
ss ri
sks;
and
mea
sure
men
t and
revi
ew o
f the
ent
ity’s
fina
ncia
l per
form
ance
. The
ex
ampl
es p
rovi
ded
cove
r a b
road
rang
e of
mat
ters
app
licab
le to
man
y en
gage
men
ts; h
owev
er, n
ot a
ll m
atte
rs a
re re
leva
nt to
eve
ry
enga
gem
ent a
nd th
e lis
t of e
xam
ples
is n
ot n
eces
saril
y co
mpl
ete.
Add
ition
al g
uida
nce
on in
tern
al c
ontro
l is c
onta
ined
in A
ppen
dix
2.
IND
UST
RY, R
EGU
LATO
RY A
ND
OTH
ER E
XTER
NAL
FAC
TORS
, IN
CLU
DIN
G T
HE
APPL
ICAB
LE F
INAN
CIA
L RE
PORT
ING
FR
AMEW
ORK
Ex
ampl
es o
f mat
ters
an
audi
tor m
ay c
onsi
der i
nclu
de th
e fo
llow
ing:
•
Indu
stry
con
ditio
ns
– Th
e m
arke
t and
com
petit
ion,
incl
udin
g de
man
d, c
apac
ity, a
nd p
rice
com
petit
ion
– C
yclic
al o
r sea
sona
l act
ivity
–
Prod
uct t
echn
olog
y re
latin
g to
the
entit
y’s p
rodu
cts
– En
ergy
supp
ly a
nd c
ost
• R
egul
ator
y en
viro
nmen
t –
Acc
ount
ing
prin
cipl
es a
nd in
dust
ry sp
ecifi
c pr
actic
es
– R
egul
ator
y fr
amew
ork
for a
regu
late
d in
dust
ry
– Le
gisl
atio
n an
d re
gula
tion
that
sign
ifica
ntly
affe
ct th
e en
tity’
s ope
ratio
ns
o
Reg
ulat
ory
requ
irem
ents
o
D
irect
supe
rvis
ory
activ
ities
–
Taxa
tion
(cor
pora
te a
nd o
ther
) –
Gov
ernm
ent p
olic
ies c
urre
ntly
affe
ctin
g th
e co
nduc
t of t
he e
ntity
’s b
usin
ess
o
Mon
etar
y, in
clud
ing
fore
ign
exch
ange
con
trols
o
Fi
scal
o
Fi
nanc
ial i
ncen
tives
(for
exa
mpl
e, g
over
nmen
t aid
pro
gram
s)
o
Tarif
fs, t
rade
rest
rictio
ns
– En
viro
nmen
tal r
equi
rem
ents
affe
ctin
g th
e in
dust
ry a
nd th
e en
tity’
s bus
ines
s •
Oth
er e
xter
nal f
acto
rs c
urre
ntly
affe
ctin
g th
e en
tity’
s bus
ines
s –
Gen
eral
leve
l of e
cono
mic
act
ivity
(for
exa
mpl
e, re
cess
ion,
gro
wth
) –
Inte
rest
rate
s and
ava
ilabi
lity
of fi
nanc
ing
– In
flatio
n, c
urre
ncy
reva
luat
ion
NAT
URE
OF
THE
ENTI
TY
Exam
ples
of m
atte
rs a
n au
dito
r may
con
side
r inc
lude
the
follo
win
g:
Bus
ines
s Ope
ratio
ns
A15
A
17
A20
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·176
3
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 4
7 of
56
• N
atur
e of
reve
nue
sour
ces (
for e
xam
ple,
man
ufac
ture
r, w
hole
sale
r, ba
nkin
g, in
sura
nce
or o
ther
fina
ncia
l ser
vice
s, im
port/
expo
rt tra
ding
, util
ity, t
rans
porta
tion,
and
tech
nolo
gy p
rodu
cts a
nd se
rvic
es)
• Pr
oduc
ts o
r ser
vice
s and
mar
kets
(for
exa
mpl
e, m
ajor
cus
tom
ers a
nd c
ontra
cts,
term
s of p
aym
ent,
prof
it m
argi
ns, m
arke
t sh
are,
com
petit
ors,
expo
rts, p
ricin
g po
licie
s, re
puta
tion
of p
rodu
cts,
war
rant
ies,
orde
r boo
k, tr
ends
, mar
ketin
g st
rate
gy a
nd
obje
ctiv
es, m
anuf
actu
ring
proc
esse
s)
• C
ondu
ct o
f ope
ratio
ns (f
or e
xam
ple,
stag
es a
nd m
etho
ds o
f pro
duct
ion,
bus
ines
s seg
men
ts, d
eliv
ery
or p
rodu
cts a
nd se
rvic
es,
deta
ils o
f dec
linin
g or
exp
andi
ng o
pera
tions
) •
Alli
ance
s, jo
int v
entu
res,
and
outs
ourc
ing
activ
ities
•
Invo
lvem
ent i
n el
ectro
nic
com
mer
ce, i
nclu
ding
Inte
rnet
sale
s and
mar
ketin
g ac
tiviti
es
• G
eogr
aphi
c di
sper
sion
and
indu
stry
segm
enta
tion
• Lo
catio
n of
pro
duct
ion
faci
litie
s, w
areh
ouse
s, an
d of
fices
•
Key
cus
tom
ers
• Im
porta
nt su
pplie
rs o
f goo
ds a
nd se
rvic
es (f
or e
xam
ple,
long
-term
con
tract
s, st
abili
ty o
f sup
ply,
term
s of p
aym
ent,
impo
rts,
met
hods
of d
eliv
ery
such
as “
just
-in-ti
me”
) •
Empl
oym
ent (
for e
xam
ple,
by
loca
tion,
supp
ly, w
age
leve
ls, u
nion
con
tract
s, pe
nsio
n an
d ot
her p
ost e
mpl
oym
ent b
enef
its,
stoc
k op
tion
or in
cent
ive
bonu
s arr
ange
men
ts, a
nd g
over
nmen
t reg
ulat
ion
rela
ted
to e
mpl
oym
ent m
atte
rs)
• R
esea
rch
and
deve
lopm
ent a
ctiv
ities
and
exp
endi
ture
s •
Tran
sact
ions
with
rela
ted
parti
es
Inve
stm
ents
•
Acq
uisi
tions
, mer
gers
or d
ispo
sals
of b
usin
ess a
ctiv
ities
(pla
nned
or r
ecen
tly e
xecu
ted)
•
Inve
stm
ents
and
dis
posi
tions
of s
ecur
ities
and
loan
s •
Cap
ital i
nves
tmen
t act
iviti
es, i
nclu
ding
inve
stm
ents
in p
lant
and
equ
ipm
ent a
nd te
chno
logy
, and
any
rece
nt o
r pla
nned
ch
ange
s •
Inve
stm
ents
in n
on-c
onso
lidat
ed e
ntiti
es, i
nclu
ding
par
tner
ship
s, jo
int v
entu
res a
nd sp
ecia
l-pur
pose
ent
ities
Fi
nanc
ing
• G
roup
stru
ctur
e –
maj
or su
bsid
iarie
s and
ass
ocia
ted
entit
ies,
incl
udin
g co
nsol
idat
ed a
nd n
on-c
onso
lidat
ed st
ruct
ures
•
Deb
t stru
ctur
e, in
clud
ing
cove
nant
s, re
stric
tions
, gua
rant
ees,
and
off-
bala
nce-
shee
t fin
anci
ng a
rran
gem
ents
•
Leas
ing
of p
rope
rty, p
lant
or e
quip
men
t for
use
in th
e bu
sine
ss
• B
enef
icia
l ow
ners
(loc
al, f
orei
gn, b
usin
ess r
eput
atio
n an
d ex
perie
nce)
•
Rel
ated
par
ties
• U
se o
f der
ivat
ive
finan
cial
inst
rum
ents
Fi
nanc
ial R
epor
ting
• A
ccou
ntin
g pr
inci
ples
and
indu
stry
spec
ific
prac
tices
•
Rev
enue
reco
gniti
on p
ract
ices
•
Acc
ount
ing
for f
air v
alue
s •
Inve
ntor
ies (
for e
xam
ple,
loca
tions
, qua
ntiti
es)
A22
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·176
4
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 4
8 of
56
• Fo
reig
n cu
rren
cy a
sset
s, lia
bilit
ies a
nd tr
ansa
ctio
ns
• In
dust
ry-s
peci
fic si
gnifi
cant
cat
egor
ies (
for e
xam
ple,
loan
s and
inve
stm
ents
for b
anks
, acc
ount
s rec
eiva
ble
and
inve
ntor
y fo
r m
anuf
actu
rers
, res
earc
h an
d de
velo
pmen
t for
pha
rmac
eutic
als)
•
Acc
ount
ing
for u
nusu
al o
r com
plex
tran
sact
ions
incl
udin
g th
ose
in c
ontro
vers
ial o
r em
ergi
ng a
reas
(for
exa
mpl
e, a
ccou
ntin
g fo
r sto
ck-b
ased
com
pens
atio
n)
• Fi
nanc
ial s
tate
men
t pre
sent
atio
n an
d di
sclo
sure
OBJ
ECTI
VES
AND
STR
ATEG
IES
AND
REL
ATED
BU
SIN
ESS
RISK
S Ex
ampl
es o
f mat
ters
an
audi
tor m
ay c
onsi
der i
nclu
de th
e fo
llow
ing:
•
Exis
tenc
e of
obj
ectiv
es (i
.e.,
how
the
entit
y ad
dres
ses i
ndus
try, r
egul
ator
y an
d ot
her e
xter
nal f
acto
rs) r
elat
ing
to, f
or e
xam
ple,
th
e fo
llow
ing:
–
Indu
stry
dev
elop
men
ts (a
pot
entia
l rel
ated
bus
ines
s ris
k m
ight
be,
for e
xam
ple,
that
the
entit
y do
es n
ot h
ave
the
pers
onne
l or e
xper
tise
to d
eal w
ith th
e ch
ange
s in
the
indu
stry
) –
New
pro
duct
s and
serv
ices
(a p
oten
tial r
elat
ed b
usin
ess r
isk
mig
ht b
e, fo
r exa
mpl
e, th
at th
ere
is in
crea
sed
prod
uct
liabi
lity)
–
Expa
nsio
n of
the
busi
ness
(a p
oten
tial r
elat
ed b
usin
ess r
isk
mig
ht b
e, fo
r exa
mpl
e, th
at th
e de
man
d ha
s not
bee
n ac
cura
tely
est
imat
ed)
– N
ew a
ccou
ntin
g re
quire
men
ts (a
pot
entia
l rel
ated
bus
ines
s ris
k m
ight
be,
for e
xam
ple,
inco
mpl
ete
or im
prop
er
impl
emen
tatio
n, o
r inc
reas
ed c
osts
) –
Reg
ulat
ory
requ
irem
ents
(a p
oten
tial r
elat
ed b
usin
ess r
isk
mig
ht b
e, fo
r exa
mpl
e, th
at th
ere
is in
crea
sed
lega
l exp
osur
e)
– C
urre
nt a
nd p
rosp
ectiv
e fin
anci
ng re
quire
men
ts (a
pot
entia
l rel
ated
bus
ines
s ris
k m
ight
be,
for e
xam
ple,
the
loss
of
finan
cing
due
to th
e en
tity’
s ina
bilit
y to
mee
t req
uire
men
ts)
– U
se o
f IT
(a p
oten
tial r
elat
ed b
usin
ess r
isk
mig
ht b
e, fo
r exa
mpl
e, th
at sy
stem
s and
pro
cess
es a
re in
com
patib
le)
• Ef
fect
s of i
mpl
emen
ting
a st
rate
gy, p
artic
ular
ly a
ny e
ffect
s tha
t will
lead
to n
ew a
ccou
ntin
g re
quire
men
ts (a
pot
entia
l rel
ated
bu
sine
ss ri
sk m
ight
be,
for e
xam
ple,
inco
mpl
ete
or im
prop
er im
plem
enta
tion)
M
EASU
REM
ENT
AND
REV
IEW
OF
THE
ENTI
TY’S
FIN
ANC
IAL
PERF
ORM
ANC
E Ex
ampl
es o
f mat
ters
an
audi
tor m
ay c
onsi
der i
nclu
de th
e fo
llow
ing:
•
Key
ratio
s and
ope
ratin
g st
atis
tics
• K
ey p
erfo
rman
ce in
dica
tors
•
Empl
oyee
per
form
ance
mea
sure
s and
ince
ntiv
e co
mpe
nsat
ion
polic
ies
• Tr
ends
•
Use
of f
orec
asts
, bud
gets
and
var
ianc
e an
alys
is
• A
naly
st re
ports
and
cre
dit r
atin
g re
ports
•
Com
petit
or a
naly
sis
• Pe
riod-
on-p
erio
d fin
anci
al p
erfo
rman
ce (r
even
ue g
row
th, p
rofit
abili
ty, l
ever
age)
A27
A
32-
A33
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·176
5
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 4
9 of
56
App
endi
x 2:
Inte
rnal
Con
trol
Com
pone
nts
1.
As s
et o
ut in
par
agra
ph 9
of I
SA 3
15 a
nd d
escr
ibed
in p
arag
raph
s A62
-A90
, int
erna
l con
trol c
onsi
sts o
f the
follo
win
g co
mpo
nent
s:
(a)
The
cont
rol e
nviro
nmen
t;
(b)
The
entit
y’s r
isk
asse
ssm
ent p
roce
ss;
(c)
The
info
rmat
ion
syst
em, i
nclu
ding
the
rela
ted
busi
ness
pro
cess
es, r
elev
ant t
o fin
anci
al re
porti
ng, a
nd c
omm
unic
atio
n;
(d)
Con
trol a
ctiv
ities
; and
(e)
Mon
itorin
g of
con
trols
. Th
is a
ppen
dix
furth
er e
xpla
ins t
he a
bove
com
pone
nts a
s the
y re
late
to a
fina
ncia
l sta
tem
ent a
udit.
CO
NTR
OL
ENVI
RON
MEN
T
2.
The
cont
rol e
nviro
nmen
t inc
lude
s the
atti
tude
s, aw
aren
ess,
and
actio
ns o
f man
agem
ent a
nd th
ose
char
ged
with
gov
erna
nce
conc
erni
ng th
e en
tity’
s int
erna
l con
trol a
nd it
s im
porta
nce
in th
e en
tity.
The
con
trol e
nviro
nmen
t als
o in
clud
es th
e go
vern
ance
an
d m
anag
emen
t fun
ctio
ns a
nd se
ts th
e to
ne o
f an
orga
niza
tion,
influ
enci
ng th
e co
ntro
l con
scio
usne
ss o
f its
peo
ple.
It is
the
foun
datio
n fo
r effe
ctiv
e in
tern
al c
ontro
l, pr
ovid
ing
disc
iplin
e an
d st
ruct
ure.
3.
The
cont
rol e
nviro
nmen
t enc
ompa
sses
the
follo
win
g el
emen
ts:
(a)
Com
mun
icat
ion
and
enfo
rcem
ent o
f int
egri
ty a
nd e
thic
al v
alue
s. Th
e ef
fect
iven
ess o
f con
trols
can
not r
ise
abov
e th
e in
tegr
ity a
nd e
thic
al v
alue
s of t
he p
eopl
e w
ho c
reat
e, a
dmin
iste
r, an
d m
onito
r the
m. I
nteg
rity
and
ethi
cal v
alue
s are
es
sent
ial e
lem
ents
of t
he c
ontro
l env
ironm
ent w
hich
influ
ence
the
effe
ctiv
enes
s of t
he d
esig
n, a
dmin
istra
tion,
and
m
onito
ring
of o
ther
com
pone
nts o
f int
erna
l con
trol.
Inte
grity
and
eth
ical
beh
avio
r are
the
prod
uct o
f the
ent
ity’s
eth
ical
an
d be
havi
oral
stan
dard
s, ho
w th
ey a
re c
omm
unic
ated
, and
how
they
are
rein
forc
ed in
pra
ctic
e. T
hey
incl
ude
man
agem
ent’s
act
ions
to re
mov
e or
redu
ce in
cent
ives
and
tem
ptat
ions
that
mig
ht p
rom
pt p
erso
nnel
to e
ngag
e in
di
shon
est,
illeg
al, o
r une
thic
al a
cts.
They
als
o in
clud
e th
e co
mm
unic
atio
n of
ent
ity v
alue
s and
beh
avio
ral s
tand
ards
to
pers
onne
l thr
ough
pol
icy
stat
emen
ts a
nd c
odes
of c
ondu
ct a
nd b
y ex
ampl
e.
(b)
Com
mitm
ent t
o co
mpe
tenc
e. C
ompe
tenc
e is
the
know
ledg
e an
d sk
ills n
eces
sary
to a
ccom
plis
h ta
sks t
hat d
efin
e th
e in
divi
dual
’s jo
b. C
omm
itmen
t to
com
pete
nce
incl
udes
man
agem
ent’s
con
side
ratio
n of
the
com
pete
nce
leve
ls fo
r
A60
-A
67
Unl
ess
othe
rwis
e no
ted,
del
etio
ns
(not
ed in
hig
hlig
ht) a
re to
rem
ove
over
lap
or d
uplic
atio
n th
at e
xist
s be
twee
n th
e ap
pend
ix
and
the
body
of t
he IS
A.
Unn
eces
sary
stat
emen
t. Ed
ucat
iona
l in
natu
re an
d ef
fect
ivel
y co
vere
d by
seco
nd se
nten
ce.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·176
6
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 5
0 of
56
parti
cula
r job
s and
how
thos
e le
vels
tran
slat
e in
to re
quis
ite sk
ills a
nd k
now
ledg
e.
(c)
Part
icip
atio
n by
thos
e ch
arge
d w
ith g
over
nanc
e. A
n en
tity’
s con
trol c
onsc
ious
ness
is in
fluen
ced
sign
ifica
ntly
by
thos
e ch
arge
d w
ith g
over
nanc
e. A
ttrib
utes
of t
hose
cha
rged
with
gov
erna
nce
incl
ude
inde
pend
ence
from
man
agem
ent,
thei
r ex
perie
nce
and
stat
ure,
the
exte
nt o
f the
ir in
volv
emen
t and
scru
tiny
of a
ctiv
ities
, the
app
ropr
iate
ness
of t
heir
actio
ns,
the
info
rmat
ion
they
rece
ive,
the
degr
ee to
whi
ch d
iffic
ult q
uest
ions
are
rais
ed a
nd p
ursu
ed w
ith m
anag
emen
t, an
d th
eir
inte
ract
ion
with
inte
rnal
and
ext
erna
l aud
itors
. The
impo
rtanc
e of
resp
onsi
bilit
ies o
f tho
se c
harg
ed w
ith g
over
nanc
e is
re
cogn
ized
in c
odes
of p
ract
ice
and
othe
r reg
ulat
ions
or g
uida
nce
prod
uced
for t
he b
enef
it of
thos
e ch
arge
d w
ith
gove
rnan
ce. O
ther
resp
onsi
bilit
ies o
f tho
se c
harg
ed w
ith g
over
nanc
e in
clud
e ov
ersi
ght o
f the
des
ign
and
effe
ctiv
e op
erat
ion
of w
hist
le b
low
er p
roce
dure
s and
the
proc
ess f
or re
view
ing
the
effe
ctiv
enes
s of t
he e
ntity
’s in
tern
al c
ontro
l.
(d)
Man
agem
ent’s
phi
loso
phy
and
oper
atin
g st
yle.
Man
agem
ent’s
phi
loso
phy
and
oper
atin
g st
yle
enco
mpa
ss a
bro
ad ra
nge
of c
hara
cter
istic
s. Su
ch c
hara
cter
istic
s may
incl
ude
the
follo
win
g: m
anag
emen
t’s a
ppro
ach
to ta
king
and
mon
itorin
g bu
sine
ss ri
sks;
man
agem
ent’s
atti
tude
s and
act
ions
tow
ard
finan
cial
repo
rting
(con
serv
ativ
e or
agg
ress
ive
sele
ctio
n fr
om a
vaila
ble
alte
rnat
ive
acco
untin
g pr
inci
ples
, and
con
scie
ntio
usne
ss a
nd c
onse
rvat
ism
with
whi
ch a
ccou
ntin
g es
timat
es a
re d
evel
oped
); an
d m
anag
emen
t’s a
ttitu
des t
owar
d in
form
atio
n pr
oces
sing
and
acc
ount
ing
func
tions
and
pe
rson
nel.
(e)
Org
aniz
atio
nal s
truc
ture
. An
entit
y’s o
rgan
izat
iona
l stru
ctur
e pr
ovid
es th
e fr
amew
ork
with
in w
hich
its a
ctiv
ities
for
achi
evin
g en
tity-
wid
e ob
ject
ives
are
pla
nned
, exe
cute
d, c
ontro
lled,
and
revi
ewed
. Est
ablis
hing
a re
leva
nt
orga
niza
tiona
l stru
ctur
e in
clud
es c
onsi
derin
g ke
y ar
eas o
f aut
horit
y an
d re
spon
sibi
lity
and
appr
opria
te li
nes o
f re
porti
ng. A
n en
tity
deve
lops
an
orga
niza
tiona
l stru
ctur
e su
ited
to it
s nee
ds. T
he a
ppro
pria
tene
ss o
f an
entit
y’s
orga
niza
tiona
l stru
ctur
e de
pend
s, in
par
t, on
its s
ize
and
the
natu
re o
f its
act
iviti
es.
(f)
Assi
gnm
ent o
f aut
hori
ty a
nd re
spon
sibi
lity.
Thi
s fac
tor i
nclu
des h
ow a
utho
rity
and
resp
onsi
bilit
y fo
r ope
ratin
g ac
tiviti
es
are
assi
gned
and
how
repo
rting
rela
tions
hips
and
aut
horiz
atio
n hi
erar
chie
s are
est
ablis
hed.
It a
lso
incl
udes
pol
icie
s re
latin
g to
app
ropr
iate
bus
ines
s pra
ctic
es, k
now
ledg
e an
d ex
perie
nce
of k
ey p
erso
nnel
, and
reso
urce
s pro
vide
d fo
r ca
rryi
ng o
ut d
utie
s. In
add
ition
, it i
nclu
des p
olic
ies a
nd c
omm
unic
atio
ns d
irect
ed a
t ens
urin
g th
at a
ll pe
rson
nel
unde
rsta
nd th
e en
tity’
s obj
ectiv
es, k
now
how
thei
r ind
ivid
ual a
ctio
ns in
terr
elat
e an
d co
ntrib
ute
to th
ose
obje
ctiv
es, a
nd
reco
gniz
e ho
w a
nd fo
r wha
t the
y w
ill b
e he
ld a
ccou
ntab
le.
(g)
Hum
an re
sour
ce p
olic
ies a
nd p
ract
ices
. Hum
an re
sour
ce p
olic
ies a
nd p
ract
ices
rela
te to
recr
uitm
ent,
orie
ntat
ion,
tra
inin
g, e
valu
atin
g, c
ouns
elin
g, p
rom
otin
g, c
ompe
nsat
ing,
and
rem
edia
l act
ions
. For
exa
mpl
e, st
anda
rds f
or re
crui
ting
the
mos
t qua
lifie
d in
divi
dual
s – w
ith e
mph
asis
on
educ
atio
nal b
ackg
roun
d, p
rior w
ork
expe
rienc
e, p
ast
Unn
eces
sary
stat
emen
t. U
nnec
essa
ry st
atem
ent.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·176
7
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 5
1 of
56
acco
mpl
ishm
ents
, and
evi
denc
e of
inte
grity
and
eth
ical
beh
avio
r – d
emon
stra
te a
n en
tity’
s com
mitm
ent t
o co
mpe
tent
an
d tru
stw
orth
y pe
ople
. Tra
inin
g po
licie
s tha
t com
mun
icat
e pr
ospe
ctiv
e ro
les a
nd re
spon
sibi
litie
s and
incl
ude
prac
tices
su
ch a
s tra
inin
g sc
hool
s and
sem
inar
s illu
stra
te e
xpec
ted
leve
ls o
f per
form
ance
and
beh
avio
r. Pr
omot
ions
driv
en b
y pe
riodi
c pe
rfor
man
ce a
ppra
isal
s dem
onst
rate
the
entit
y’s c
omm
itmen
t to
the
adva
ncem
ent o
f qua
lifie
d pe
rson
nel t
o hi
gher
leve
ls o
f res
pons
ibili
ty.
App
licat
ion
to S
mal
l Ent
ities
4.
Smal
l ent
ities
may
impl
emen
t the
con
trol e
nviro
nmen
t ele
men
ts di
ffere
ntly
than
larg
er e
ntiti
es. F
or e
xam
ple,
smal
l ent
ities
m
ight
not
hav
e a
writ
ten
code
of c
ondu
ct b
ut, i
nste
ad, d
evel
op a
cul
ture
that
em
phas
izes
the
impo
rtanc
e of
inte
grity
and
eth
ical
be
havi
or th
roug
h or
al c
omm
unic
atio
n an
d by
man
agem
ent e
xam
ple.
Sim
ilarly
, tho
se c
harg
ed w
ith g
over
nanc
e in
smal
l ent
ities
m
ay n
ot in
clud
e an
inde
pend
ent o
r out
side
mem
ber.
ENTI
TY’S
RIS
K A
SSES
SMEN
T PR
OC
ESS
5.
An
entit
y’s r
isk
asse
ssm
ent p
roce
ss is
its p
roce
ss fo
r ide
ntify
ing
and
resp
ondi
ng to
bus
ines
s ris
ks a
nd th
e re
sults
ther
eof.
For
finan
cial
repo
rting
pur
pose
s, th
e en
tity’
s ris
k as
sess
men
t pro
cess
incl
udes
how
man
agem
ent i
dent
ifies
risk
s rel
evan
t to
the
prep
arat
ion
of fi
nanc
ial s
tate
men
ts th
at g
ive
a tru
e an
d fa
ir vi
ew (o
r are
pre
sent
ed fa
irly,
in a
ll m
ater
ial r
espe
cts)
in a
ccor
danc
e w
ith th
e en
tity’
s app
licab
le fi
nanc
ial r
epor
ting
fram
ewor
k, e
stim
ates
thei
r sig
nific
ance
, ass
esse
s the
like
lihoo
d of
thei
r oc
curr
ence
, and
dec
ides
upo
n ac
tions
to m
anag
e th
em. F
or e
xam
ple,
the
entit
y’s r
isk
asse
ssm
ent p
roce
ss m
ay a
ddre
ss h
ow th
e en
tity
cons
ider
s the
pos
sibi
lity
of u
nrec
orde
d tra
nsac
tions
or i
dent
ifies
and
ana
lyze
s sig
nific
ant e
stim
ates
reco
rded
in th
e fin
anci
al st
atem
ents
. Ris
ks re
leva
nt to
relia
ble
finan
cial
repo
rting
als
o re
late
to sp
ecifi
c ev
ents
or t
rans
actio
ns.
6.
Ris
ks re
leva
nt to
fina
ncia
l rep
ortin
g in
clud
e ex
tern
al a
nd in
tern
al e
vent
s and
circ
umst
ance
s tha
t may
occ
ur a
nd a
dver
sely
affe
ct
an e
ntity
’s a
bilit
y to
initi
ate,
reco
rd, p
roce
ss, a
nd re
port
finan
cial
dat
a co
nsis
tent
with
the
asse
rtion
s of m
anag
emen
t in
the
finan
cial
stat
emen
ts. O
nce
risks
are
iden
tifie
d, m
anag
emen
t con
side
rs th
eir s
igni
fican
ce, t
he li
kelih
ood
of th
eir o
ccur
renc
e, a
nd
how
they
shou
ld b
e m
anag
ed. M
anag
emen
t may
initi
ate
plan
s, pr
ogra
ms,
or a
ctio
ns to
add
ress
spec
ific
risks
or i
t may
dec
ide
to
acce
pt a
risk
bec
ause
of c
ost o
r oth
er c
onsi
dera
tions
. Ris
ks c
an a
rise
or c
hang
e du
e to
circ
umst
ance
s suc
h as
the
follo
win
g:
• C
hang
es in
ope
ratin
g en
viro
nmen
t. C
hang
es in
the
regu
lato
ry o
r ope
ratin
g en
viro
nmen
t can
resu
lt in
cha
nges
in
com
petit
ive
pres
sure
s and
sign
ifica
ntly
diff
eren
t ris
ks.
• N
ew p
erso
nnel
. New
per
sonn
el m
ay h
ave
a di
ffere
nt fo
cus o
n or
und
erst
andi
ng o
f int
erna
l con
trol.
• N
ew o
r rev
ampe
d in
form
atio
n sy
stem
s. Si
gnifi
cant
and
rapi
d ch
ange
s in
info
rmat
ion
syst
ems c
an c
hang
e th
e ris
k re
latin
g to
inte
rnal
con
trol.
A11
4 A
72
A73
A
15
A76
Unn
eces
sary
to
pr
ovid
e fu
rther
ex
ampl
es.
Seco
nd s
ente
nce
is re
petit
ive
of th
e de
scrip
tion
of
the
entit
y’s
risk
asse
ssm
ent p
roce
ss.
Last
sen
tenc
e de
lete
d as
a re
sult
of
rest
ruct
urin
g.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·176
8
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 5
2 of
56
• Ra
pid
grow
th. S
igni
fican
t and
rapi
d ex
pans
ion
of o
pera
tions
can
stra
in c
ontro
ls a
nd in
crea
se th
e ris
k of
a b
reak
dow
n in
co
ntro
ls.
• N
ew te
chno
logy
. Inc
orpo
ratin
g ne
w te
chno
logi
es in
to p
rodu
ctio
n pr
oces
ses o
r inf
orm
atio
n sy
stem
s may
cha
nge
the
risk
asso
ciat
ed w
ith in
tern
al c
ontro
l.
• N
ew b
usin
ess m
odel
s, pr
oduc
ts, o
r act
iviti
es. E
nter
ing
into
bus
ines
s are
as o
r tra
nsac
tions
with
whi
ch a
n en
tity
has l
ittle
ex
perie
nce
may
intro
duce
new
risk
s ass
ocia
ted
with
inte
rnal
con
trol.
• C
orpo
rate
rest
ruct
urin
gs. R
estru
ctur
ings
may
be
acco
mpa
nied
by
staf
f red
uctio
ns a
nd c
hang
es in
supe
rvis
ion
and
segr
egat
ion
of d
utie
s tha
t may
cha
nge
the
risk
asso
ciat
ed w
ith in
tern
al c
ontro
l.
• Ex
pand
ed fo
reig
n op
erat
ions
. The
exp
ansi
on o
r acq
uisi
tion
of fo
reig
n op
erat
ions
car
ries n
ew a
nd o
ften
uniq
ue ri
sks
that
may
affe
ct in
tern
al c
ontro
l, fo
r exa
mpl
e, a
dditi
onal
or c
hang
ed ri
sks f
rom
fore
ign
curr
ency
tran
sact
ions
.
• N
ew a
ccou
ntin
g pr
onou
ncem
ents
. Ado
ptio
n of
new
acc
ount
ing
prin
cipl
es o
r cha
ngin
g ac
coun
ting
prin
cipl
es m
ay a
ffect
ris
ks in
pre
parin
g fin
anci
al st
atem
ents
.
App
licat
ion
to S
mal
l Ent
ities
7.
The
basi
c co
ncep
ts o
f the
ent
ity’s
risk
ass
essm
ent p
roce
ss a
re re
leva
nt to
eve
ry e
ntity
, reg
ardl
ess o
f siz
e, b
ut th
e ris
k as
sess
men
t pro
cess
is li
kely
to b
e le
ss fo
rmal
and
less
stru
ctur
ed in
smal
l ent
ities
than
in la
rger
one
s. A
ll en
titie
s sho
uld
have
es
tabl
ishe
d fin
anci
al re
porti
ng o
bjec
tives
, but
they
may
be
reco
gniz
ed im
plic
itly
rath
er th
an e
xplic
itly
in sm
all e
ntiti
es.
Man
agem
ent m
ay b
e aw
are
of ri
sks r
elat
ed to
thes
e ob
ject
ives
with
out t
he u
se o
f a fo
rmal
pro
cess
but
thro
ugh
dire
ct p
erso
nal
invo
lvem
ent w
ith e
mpl
oyee
s and
out
side
par
ties.
INFO
RMAT
ION
SYS
TEM
, IN
CLU
DIN
G T
HE
RELA
TED
BU
SIN
ESS
PRO
CES
SES,
REL
EVAN
T TO
FIN
ANC
IAL
REPO
RTIN
G, A
ND
C
OM
MU
NIC
ATIO
N
8.
An
info
rmat
ion
syst
em c
onsi
sts o
f inf
rast
ruct
ure
(phy
sica
l and
har
dwar
e co
mpo
nent
s), s
oftw
are,
peo
ple,
pro
cedu
res,
and
data
. In
fras
truct
ure
and
softw
are
will
be
abse
nt, o
r hav
e le
ss si
gnifi
canc
e, in
syst
ems t
hat a
re e
xclu
sivel
y or
prim
arily
man
ual.
Man
y in
form
atio
n sy
stem
s mak
e ex
tens
ive
use
of in
form
atio
n te
chno
logy
(IT)
.
9.
The
info
rmat
ion
syst
em re
leva
nt to
fina
ncia
l rep
ortin
g ob
ject
ives
, whi
ch in
clud
es th
e fin
anci
al re
porti
ng sy
stem
, con
sist
s of t
he
proc
edur
es a
nd re
cord
s est
ablis
hed
to in
itiat
e, re
cord
, pro
cess
, and
repo
rt en
tity
trans
actio
ns (a
s wel
l as e
vent
s and
con
ditio
ns)
and
to m
aint
ain
acco
unta
bilit
y fo
r the
rela
ted
asse
ts, l
iabi
litie
s, an
d eq
uity
. Tra
nsac
tions
may
be
initi
ated
man
ually
or
A23
A
76
A11
6
Unn
eces
sary
exa
mpl
es.
Not
e:
Para
grap
h ha
s al
so
been
re
draf
ted.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·176
9
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 5
3 of
56
auto
mat
ical
ly b
y pr
ogra
mm
ed p
roce
dure
s. R
ecor
ding
incl
udes
iden
tifyi
ng a
nd c
aptu
ring
the
rele
vant
info
rmat
ion
for
trans
actio
ns o
r eve
nts.
Proc
essi
ng in
clud
es fu
nctio
ns su
ch a
s edi
t and
val
idat
ion,
cal
cula
tion,
mea
sure
men
t, va
luat
ion,
su
mm
ariz
atio
n, a
nd re
conc
iliat
ion,
whe
ther
per
form
ed b
y au
tom
ated
or m
anua
l pro
cedu
res.
Rep
ortin
g re
late
s to
the
prep
arat
ion
of fi
nanc
ial r
epor
ts a
s wel
l as o
ther
info
rmat
ion,
in e
lect
roni
c or
prin
ted
form
at, t
hat t
he e
ntity
use
s in
mea
surin
g an
d re
view
ing
the
entit
y’s f
inan
cial
per
form
ance
and
in o
ther
func
tions
. The
qua
lity
of sy
stem
-gen
erat
ed in
form
atio
n af
fect
s m
anag
emen
t’s a
bilit
y to
mak
e ap
prop
riate
dec
isio
ns in
man
agin
g an
d co
ntro
lling
the
entit
y’s a
ctiv
ities
and
to p
repa
re re
liabl
e fin
anci
al re
ports
.
10.
Acc
ordi
ngly
, an
info
rmat
ion
syst
em e
ncom
pass
es m
etho
ds a
nd re
cord
s tha
t:
• Id
entif
y an
d re
cord
all
valid
tran
sact
ions
.
• D
escr
ibe
on a
tim
ely
basi
s the
tran
sact
ions
in su
ffici
ent d
etai
l to
perm
it pr
oper
cla
ssifi
catio
n of
tran
sact
ions
for
finan
cial
repo
rting
.
• M
easu
re th
e va
lue
of tr
ansa
ctio
ns in
a m
anne
r tha
t per
mits
reco
rdin
g th
eir p
rope
r mon
etar
y va
lue
in th
e fin
anci
al
stat
emen
ts.
• D
eter
min
e th
e tim
e pe
riod
in w
hich
tran
sact
ions
occ
urre
d to
per
mit
reco
rdin
g of
tran
sact
ions
in th
e pr
oper
acc
ount
ing
perio
d.
• Pr
esen
t pro
perly
the
trans
actio
ns a
nd re
late
d di
sclo
sure
s in
the
finan
cial
stat
emen
ts.
11.
Com
mun
icat
ion
invo
lves
pro
vidi
ng a
n un
ders
tand
ing
of in
divi
dual
role
s and
resp
onsi
bilit
ies p
erta
inin
g to
inte
rnal
con
trol o
ver
finan
cial
repo
rting
. It i
nclu
des t
he e
xten
t to
whi
ch p
erso
nnel
und
erst
and
how
thei
r act
iviti
es in
the
finan
cial
repo
rting
in
form
atio
n sy
stem
rela
te to
the
wor
k of
oth
ers a
nd th
e m
eans
of r
epor
ting
exce
ptio
ns to
an
appr
opria
te h
ighe
r lev
el w
ithin
the
entit
y. O
pen
com
mun
icat
ion
chan
nels
hel
p en
sure
that
exc
eptio
ns a
re re
porte
d an
d ac
ted
on.
12.
Com
mun
icat
ion
take
s suc
h fo
rms a
s pol
icy
man
uals
, acc
ount
ing
and
finan
cial
repo
rting
man
uals
, and
mem
oran
da.
Com
mun
icat
ion
also
can
be
mad
e el
ectro
nica
lly, o
rally
, and
thro
ugh
the
actio
ns o
f man
agem
ent.
App
licat
ion
to S
mal
l Ent
ities
13.
Info
rmat
ion
syst
ems a
nd re
late
d bu
sine
ss p
roce
sses
rele
vant
to fi
nanc
ial r
epor
ting
in sm
all e
ntiti
es a
re li
kely
to b
e le
ss fo
rmal
th
an in
larg
er e
ntiti
es, b
ut th
eir r
ole
is ju
st a
s sig
nific
ant.
Smal
l ent
ities
with
act
ive
man
agem
ent i
nvol
vem
ent m
ay n
ot n
eed
exte
nsiv
e de
scrip
tions
of a
ccou
ntin
g pr
oced
ures
, sop
hist
icat
ed a
ccou
ntin
g re
cord
s, or
writ
ten
polic
ies.
Com
mun
icat
ion
may
be
less
form
al a
nd e
asie
r to
achi
eve
in a
smal
l ent
ity th
an in
a la
rger
ent
ity d
ue to
the
smal
l ent
ity’s
size
and
few
er le
vels
as w
ell
A11
8
Unn
eces
sary
stat
emen
t. U
nnec
essa
ry t
o de
fine
or e
xpla
in
com
mon
acc
ount
ing
term
s. A
ppea
rs u
nnec
essa
ry to
def
ine
each
ele
men
t of t
he a
ccou
ntin
g pr
oces
s, an
d br
oadl
y re
petit
ive
of
redr
afte
d A
75.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·177
0
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 5
4 of
56
as m
anag
emen
t’s g
reat
er v
isib
ility
and
ava
ilabi
lity.
CO
NTR
OL
ACTI
VITI
ES
14.
Con
trol a
ctiv
ities
are
the
polic
ies a
nd p
roce
dure
s tha
t hel
p en
sure
that
man
agem
ent d
irect
ives
are
car
ried
out,
for e
xam
ple,
that
ne
cess
ary
actio
ns a
re ta
ken
to a
ddre
ss ri
sks
that
thre
aten
the
achi
evem
ent o
f the
ent
ity’s
obj
ectiv
es. C
ontro
l act
iviti
es, w
heth
er
with
in IT
or m
anua
l sys
tem
s, ha
ve v
ario
us o
bjec
tives
and
are
app
lied
at v
ario
us o
rgan
izat
iona
l and
func
tiona
l lev
els.
15.
Gen
eral
ly, c
ontro
l act
iviti
es th
at m
ay b
e re
leva
nt to
an
audi
t may
be
cate
goriz
ed a
s pol
icie
s and
pro
cedu
res t
hat p
erta
in to
the
follo
win
g:
• Pe
rfor
man
ce re
view
s. Th
ese
cont
rol a
ctiv
ities
incl
ude
revi
ews a
nd a
naly
ses o
f act
ual p
erfo
rman
ce v
ersu
s bud
gets
, fo
reca
sts,
and
prio
r per
iod
perf
orm
ance
; rel
atin
g di
ffere
nt se
ts o
f dat
a –
oper
atin
g or
fina
ncia
l – to
one
ano
ther
, tog
ethe
r w
ith a
naly
ses o
f the
rela
tions
hips
and
inve
stig
ativ
e an
d co
rrec
tive
actio
ns; c
ompa
ring
inte
rnal
dat
a w
ith e
xter
nal
sour
ces o
f inf
orm
atio
n; a
nd re
view
of f
unct
iona
l or a
ctiv
ity p
erfo
rman
ce, s
uch
as a
ban
k’s c
onsu
mer
loan
man
ager
’s
revi
ew o
f rep
orts
by
bran
ch, r
egio
n, a
nd lo
an ty
pe fo
r loa
n ap
prov
als a
nd c
olle
ctio
ns.
• In
form
atio
n pr
oces
sing
. A v
arie
ty o
f con
trols
are
per
form
ed to
che
ck a
ccur
acy,
com
plet
enes
s, an
d au
thor
izat
ion
of
trans
actio
ns. T
he tw
o br
oad
grou
ping
s of i
nfor
mat
ion
syst
ems c
ontro
l act
iviti
es a
re a
pplic
atio
n co
ntro
ls a
nd g
ener
al IT
-co
ntro
ls. A
pplic
atio
n co
ntro
ls a
pply
to th
e pr
oces
sing
of i
ndiv
idua
l app
licat
ions
. The
se c
ontro
ls h
elp
ensu
re th
at
trans
actio
ns o
ccur
red,
are
aut
horiz
ed, a
nd a
re c
ompl
etel
y an
d ac
cura
tely
reco
rded
and
pro
cess
ed. E
xam
ples
of
appl
icat
ion
cont
rols
incl
ude
chec
king
the
arith
met
ical
acc
urac
y of
reco
rds,
mai
ntai
ning
and
revi
ewin
g ac
coun
ts a
nd
trial
bal
ance
s, au
tom
ated
con
trols
such
as e
dit c
heck
s of i
nput
dat
a an
d nu
mer
ical
sequ
ence
che
cks,
and
man
ual f
ollo
w-
up o
f exc
eptio
n re
ports
. Gen
eral
IT-c
ontro
ls a
re p
olic
es a
nd p
roce
dure
s tha
t rel
ate
to m
any
appl
icat
ions
and
supp
ort t
he
effe
ctiv
e fu
nctio
ning
of a
pplic
atio
n co
ntro
ls b
y he
lpin
g to
ens
ure
the
cont
inue
d pr
oper
ope
ratio
n of
info
rmat
ion
syst
ems.
Gen
eral
IT-c
ontro
ls c
omm
only
incl
ude
cont
rols
ove
r dat
a ce
nter
and
net
wor
k op
erat
ions
; sys
tem
softw
are
acqu
isiti
on, c
hang
e an
d m
aint
enan
ce; a
cces
s sec
urity
; and
app
licat
ion
syst
em a
cqui
sitio
n, d
evel
opm
ent,
and
mai
nten
ance
. The
se c
ontro
ls a
pply
to m
ainf
ram
e, m
inifr
ame,
and
end
-use
r env
ironm
ents
. Exa
mpl
es o
f suc
h ge
nera
l IT-
cont
rols
are
pro
gram
cha
nge
cont
rols
, con
trols
that
rest
rict a
cces
s to
prog
ram
s or d
ata,
con
trols
ove
r the
im
plem
enta
tion
of n
ew re
leas
es o
f pac
kage
d so
ftwar
e ap
plic
atio
ns, a
nd c
ontro
ls o
ver s
yste
m so
ftwar
e th
at re
stric
t ac
cess
to o
r mon
itor t
he u
se o
f sys
tem
util
ities
that
cou
ld c
hang
e fin
anci
al d
ata
or re
cord
s with
out l
eavi
ng a
n au
dit t
rail.
• Ph
ysic
al c
ontro
ls. T
hese
act
iviti
es e
ncom
pass
the
phys
ical
secu
rity
of a
sset
s, in
clud
ing
adeq
uate
safe
guar
ds su
ch a
s se
cure
d fa
cilit
ies o
ver a
cces
s to
asse
ts a
nd re
cord
s; a
utho
rizat
ion
for a
cces
s to
com
pute
r pro
gram
s and
dat
a fil
es; a
nd
A81
Unn
eces
sary
exa
mpl
es to
illu
stra
te
the
poin
t.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·177
1
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 5
5 of
56
perio
dic
coun
ting
and
com
paris
on w
ith a
mou
nts s
how
n on
con
trol r
ecor
ds (f
or e
xam
ple
com
parin
g th
e re
sults
of c
ash,
se
curit
y an
d in
vent
ory
coun
ts w
ith a
ccou
ntin
g re
cord
s). T
he e
xten
t to
whi
ch p
hysi
cal c
ontro
ls in
tend
ed to
pre
vent
thef
t of
ass
ets a
re re
leva
nt to
the
relia
bilit
y of
fina
ncia
l sta
tem
ent p
repa
ratio
n, a
nd th
eref
ore
the
audi
t, de
pend
s on
circ
umst
ance
s suc
h as
whe
n as
sets
are
hig
hly
susc
eptib
le to
mis
appr
opria
tion.
For
exa
mpl
e, th
ese
cont
rols
wou
ld
ordi
naril
y no
t be
rele
vant
whe
n an
y in
vent
ory
loss
es w
ould
be
dete
cted
pur
suan
t to
perio
dic
phys
ical
insp
ectio
n an
d re
cord
ed in
the
finan
cial
stat
emen
ts. H
owev
er, i
f for
fina
ncia
l rep
ortin
g pu
rpos
es m
anag
emen
t rel
ies s
olel
y on
pe
rpet
ual i
nven
tory
reco
rds,
the
phys
ical
secu
rity
cont
rols
wou
ld b
e re
leva
nt to
the
audi
t.
• Se
greg
atio
n of
dut
ies.
Ass
igni
ng d
iffer
ent p
eopl
e th
e re
spon
sibi
litie
s of a
utho
rizin
g tra
nsac
tions
, rec
ordi
ng tr
ansa
ctio
ns,
and
mai
ntai
ning
cus
tody
of a
sset
s is i
nten
ded
to re
duce
the
oppo
rtuni
ties t
o al
low
any
per
son
to b
e in
a p
ositi
on to
bot
h pe
rpet
rate
and
con
ceal
err
ors o
r fra
ud in
the
norm
al c
ours
e of
the
pers
on’s
dut
ies.
Exam
ples
of s
egre
gatio
n of
dut
ies
incl
ude
repo
rting
, rev
iew
ing
and
appr
ovin
g re
conc
iliat
ions
, and
app
rova
l and
con
trol o
f doc
umen
ts.
16.
Cer
tain
con
trol a
ctiv
ities
may
dep
end
on th
e ex
iste
nce
of a
ppro
pria
te h
ighe
r lev
el p
olic
ies e
stab
lishe
d by
man
agem
ent o
r tho
se
char
ged
with
gov
erna
nce.
For
exa
mpl
e, a
utho
rizat
ion
cont
rols
may
be
dele
gate
d un
der e
stab
lishe
d gu
idel
ines
, suc
h as
in
vest
men
t crit
eria
set b
y th
ose
char
ged
with
gov
erna
nce;
alte
rnat
ivel
y, n
on-r
outin
e tra
nsac
tions
such
as m
ajor
acq
uisi
tions
or
dive
stm
ents
may
requ
ire sp
ecifi
c hi
gh le
vel a
ppro
val,
incl
udin
g in
som
e ca
ses t
hat o
f sha
reho
lder
s.
App
licat
ion
to S
mal
l Ent
ities
17.
The
conc
epts
und
erly
ing
cont
rol a
ctiv
ities
in sm
all e
ntiti
es a
re li
kely
to b
e si
mila
r to
thos
e in
larg
er e
ntiti
es, b
ut th
e fo
rmal
ity
with
whi
ch th
ey o
pera
te v
arie
s. Fu
rther
, sm
all e
ntiti
es m
ay fi
nd th
at c
erta
in ty
pes o
f con
trol a
ctiv
ities
are
not
rele
vant
bec
ause
of
con
trols
app
lied
by m
anag
emen
t. Fo
r exa
mpl
e, m
anag
emen
t’s re
tent
ion
of a
utho
rity
for a
ppro
ving
cre
dit s
ales
, sig
nific
ant
purc
hase
s, an
d dr
aw-d
owns
on
lines
of c
redi
t can
pro
vide
stro
ng c
ontro
l ove
r tho
se a
ctiv
ities
, les
seni
ng o
r rem
ovin
g th
e ne
ed
for m
ore
deta
iled
cont
rol a
ctiv
ities
. An
appr
opria
te se
greg
atio
n of
dut
ies o
ften
appe
ars t
o pr
esen
t diff
icul
ties i
n sm
all e
ntiti
es.
Even
com
pani
es th
at h
ave
only
a fe
w e
mpl
oyee
s, ho
wev
er, m
ay b
e ab
le to
ass
ign
thei
r res
pons
ibili
ties t
o ac
hiev
e ap
prop
riate
se
greg
atio
n or
, if t
hat i
s not
pos
sibl
e, to
use
man
agem
ent o
vers
ight
of t
he in
com
patib
le a
ctiv
ities
to a
chie
ve c
ontro
l obj
ectiv
es.
MO
NIT
ORI
NG
OF
CO
NTR
OLS
18.
An
impo
rtant
man
agem
ent r
espo
nsib
ility
is to
est
ablis
h an
d m
aint
ain
inte
rnal
con
trol o
n an
ong
oing
bas
is. M
anag
emen
t’s
mon
itorin
g of
con
trols
incl
udes
con
side
ring
whe
ther
they
are
ope
ratin
g as
inte
nded
and
that
they
are
mod
ified
as a
ppro
pria
te
for c
hang
es in
con
ditio
ns. M
onito
ring
of c
ontro
ls m
ay in
clud
e ac
tiviti
es su
ch a
s man
agem
ent’s
revi
ew o
f whe
ther
ban
k re
conc
iliat
ions
are
bei
ng p
repa
red
on a
tim
ely
basi
s, in
tern
al a
udito
rs’ e
valu
atio
n of
sale
s per
sonn
el’s
com
plia
nce
with
the
entit
y’s p
olic
ies o
n te
rms o
f sal
es c
ontra
cts,
and
a le
gal d
epar
tmen
t’s o
vers
ight
of c
ompl
ianc
e w
ith th
e en
tity’
s eth
ical
or
A81
A
119-
A12
0
Unn
eces
sary
exa
mpl
e.
Unn
eces
sary
stat
emen
t.
Cla
rity
IAAS
B M
ain
Agen
da (S
epte
mbe
r 200
5) P
age
2005
·177
2
*Not
e: H
ighl
ight
s ind
icat
e m
ater
ial t
hat h
as b
een
dele
ted.
A
gend
a Ite
m 4
-B.1
Pa
ge 5
6 of
56
busi
ness
pra
ctic
e po
licie
s.
19.
Mon
itorin
g of
con
trols
is a
pro
cess
to a
sses
s the
qua
lity
of in
tern
al c
ontro
l per
form
ance
ove
r tim
e. It
invo
lves
ass
essi
ng th
e de
sign
and
ope
ratio
n of
con
trols
on
a tim
ely
basi
s and
taki
ng n
eces
sary
cor
rect
ive
actio
ns. M
onito
ring
is d
one
to e
nsur
e th
at
cont
rols
con
tinue
to o
pera
te e
ffect
ivel
y. F
or e
xam
ple,
if th
e tim
elin
ess a
nd a
ccur
acy
of b
ank
reco
ncili
atio
ns a
re n
ot m
onito
red,
pe
rson
nel a
re li
kely
to st
op p
repa
ring
them
. Mon
itorin
g of
con
trols
is a
ccom
plis
hed
thro
ugh
ongo
ing
mon
itorin
g ac
tiviti
es,
sepa
rate
eva
luat
ions
, or a
com
bina
tion
of th
e tw
o.
20.
Ong
oing
mon
itorin
g ac
tiviti
es a
re b
uilt
into
the
norm
al re
curr
ing
activ
ities
of a
n en
tity
and
incl
ude
regu
lar m
anag
emen
t and
su
perv
isor
y ac
tiviti
es. M
anag
ers o
f sal
es, p
urch
asin
g, a
nd p
rodu
ctio
n at
div
isio
nal a
nd c
orpo
rate
leve
ls a
re in
touc
h w
ith
oper
atio
ns a
nd m
ay q
uest
ion
repo
rts th
at d
iffer
sign
ifica
ntly
from
thei
r kno
wle
dge
of o
pera
tions
.
21.
In m
any
entit
ies,
inte
rnal
aud
itors
or p
erso
nnel
per
form
ing
sim
ilar f
unct
ions
con
tribu
te to
the
mon
itorin
g of
an
entit
y’s c
ontro
ls
thro
ugh
sepa
rate
eva
luat
ions
. The
y re
gula
rly p
rovi
de in
form
atio
n ab
out t
he fu
nctio
ning
of i
nter
nal c
ontro
l, fo
cusi
ng
cons
ider
able
atte
ntio
n on
eva
luat
ing
the
desi
gn a
nd o
pera
tion
of in
tern
al c
ontro
l. Th
ey c
omm
unic
ate
info
rmat
ion
abou
t st
reng
ths a
nd w
eakn
esse
s and
reco
mm
enda
tions
for i
mpr
ovin
g in
tern
al c
ontro
l.
22.
Mon
itorin
g ac
tiviti
es m
ay in
clud
e us
ing
info
rmat
ion
from
com
mun
icat
ions
from
ext
erna
l par
ties t
hat m
ay in
dica
te p
robl
ems o
r hi
ghlig
ht a
reas
in n
eed
of im
prov
emen
t. C
usto
mer
s im
plic
itly
corr
obor
ate
billi
ng d
ata
by p
ayin
g th
eir i
nvoi
ces o
r com
plai
ning
ab
out t
heir
char
ges.
In a
dditi
on, r
egul
ator
s may
com
mun
icat
e w
ith th
e en
tity
conc
erni
ng m
atte
rs th
at a
ffect
the
func
tioni
ng o
f in
tern
al c
ontro
l, fo
r exa
mpl
e, c
omm
unic
atio
ns c
once
rnin
g ex
amin
atio
ns b
y ba
nk re
gula
tory
age
ncie
s. A
lso,
man
agem
ent m
ay
cons
ider
com
mun
icat
ions
rela
ting
to in
tern
al c
ontro
l fro
m e
xter
nal a
udito
rs in
per
form
ing
mon
itorin
g ac
tiviti
es.
App
licat
ion
to S
mal
l Ent
ities
23.
Ong
oing
mon
itorin
g ac
tiviti
es o
f sm
all e
ntiti
es a
re m
ore
likel
y to
be
info
rmal
and
are
typi
cally
per
form
ed a
s a p
art o
f the
ov
eral
l man
agem
ent o
f the
ent
ity’s
ope
ratio
ns. M
anag
emen
t’s c
lose
invo
lvem
ent i
n op
erat
ions
ofte
n w
ill id
entif
y si
gnifi
cant
va
rianc
es fr
om e
xpec
tatio
ns a
nd in
accu
raci
es in
fina
ncia
l dat
a le
adin
g to
cor
rect
ive
actio
n to
the
cont
rol.
A
ppen
dix
3: C
ondi
tions
and
Eve
nts T
hat M
ay In
dica
te R
isks
of M
ater
ial M
isst
atem
ent
[Unc
hang
ed]
A12
1 A
92