Sunteți pe pagina 1din 4

Given ISA 330, ISA 315, state why or why not small businesses that are

computerized should be required by the state to undergo auditing by third parties.

315-IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH


UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
Accounting is the process of recording, classifying, and summarizing into
financial statements a companys transactions that create assets, liabilities, equities,
revenues, and expenses. It is the means of satisfying users demands for financial
information that arise from the forces of complexity, remoteness, time-sensitivity,
and consequences.
While, Auditing is a systematic process of objectively obtaining and evaluating
evidence regarding assertions about economic actions and events to ascertain the
degree of correspondence between the assertions and established criteria and
communicating the results to interested users.

The processes mentioned, are two different and interrelated things. Accounting
is essential in preparing the Financial Statements (FS) while Auditing is the evaluation
of the FS on its compliance to various standards.

Smaller entities, according to the ISA 315, often have fewer employees which
may limit the extent to which segregation of duties is practicable. However, in a small
owner managed entity, the owner-manager may be able to exercise more effective
oversight than in a larger entity. This oversight may compensate for the generally more
limited opportunities for segregation of duties.
Small businesses, despite its size and easiness to operate, should be required
by the state to undergo auditing by third parties for so many varied reasons.

The owner-manager of small enterprises may be more able to override controls


because the system of internal control is less structured. This is taken into account by
the auditor when identifying the risks of material misstatement due to fraud.
Among other thing deus, the auditor observes and inspects the following:
The entitys operations.
Documents (business plans and strategies), records, and internal control
manuals.
Reports prepared by management (such as quarterly management reports and
interim FS) and those charged with governance (such as minutes of board of
directors meetings).
The entitys premises and plant facilities, and
Internal Control

An entitys system of internal control contains manual elements and often contains
automated elements. The characteristics of manual or automated elements are relevant
to the auditors risk assessment and further audit procedures based thereon.
Controls in IT systems consist of a combination of automated controls (for example,
controls embedded in computer programs) and manual controls. Further, manual

controls may be independent of IT, may use information produced by IT, or may be
limited to monitoring the effective functioning of IT and of automated controls, and to
handling exceptions. When IT is used to initiate, record, process or report transactions,
or other financial data for inclusion in financial statements, the systems and programs
may include controls related to the corresponding assertions for material accounts or
may be critical to the effective functioning of manual controls that depend on IT.
Generally, IT benefits an entitys internal control by enabling an entity to:
Consistently apply predefined business rules and perform complex calculations in
processing large volumes of transactions or data;
Enhance the timeliness, availability, and accuracy of information;
Facilitate the additional analysis of information;
Enhance the ability to monitor the performance of the entitys activities and its
policies and procedures;
Reduce the risk that controls will be circumvented; and
Enhance the ability to achieve effective segregation of duties by implementing
security controls in applications, databases, and operating systems.
But IT doesnt stay as perfect as it sound, IT poses specific risks to an entitys internal
control, including, for example:

Reliance on systems or programs that are inaccurately processing data,


processing inaccurate data, or both.

Unauthorized access to data that may result in destruction of data or improper


changes to data, including the recording of unauthorized or non-existent
transactions, or inaccurate recording of transactions.

Particular risks may arise where multiple users access a common database.

The possibility of IT personnel gaining access privileges beyond those necessary


to perform their assigned duties thereby breaking down segregation of duties.

Unauthorized changes to data in master files.

Unauthorized changes to systems or programs.

Failure to make necessary changes to systems or programs.

Inappropriate manual intervention.

Potential loss of data or inability to access data as required

Auditing is necessary for all forms of businesses and organizations, may it be big
corporations or small enterprises. Auditing evaluates and ascertains both managers and
investors, alike, on the accuracy of the companys Financial Reports, whether
automated or not, and whether they are complying on various laws and regulations
imposed on the organization.

S-ar putea să vă placă și