Скачать книгу

That May Affect the Financial Reporting Process

      Some IT systems process information that is not reflected in the financial statements. For example, an organization may have a sales and marketing system that tracks lead generation, customer contact information, and purchase history. IT general controls that affect the functioning of this system may or may not be included within the scope of an evaluation of financial reporting controls, depending on how management uses the information generated by the system.

      For example, management and the sales team may use the information only to manage the sales process, in which case the sales system is not important to the financial reporting process. Or management may use the information generated from the sales system to monitor financial results, generate financial information, or perform some other control procedure.

      For example, information in the sales system could be used to:

       Calculate bonuses to salespeople, an amount that is reported in the financial statements.

       Generate a key performance indicator, which management uses to identify anomalies in the accounting records or financial statements.

       Generate nonfinancial information, which management uses in its monitoring process.

      General controls related to nonfinancial systems may be included in management’s evaluation if the risk of failure of the control is significant. If the risk is small, then the system can be excluded from the scope of the evaluation.

      General Controls Directly Related to Financial Information

      Other IT systems at an organization are directly related to the processing of financial information; these systems include the accounting system, the sales system, or the inventory management system. To the extent that these systems process significant financial information where a material misstatement could occur, they will be included within the scope of the auditor’s evaluation.

      IT systems that have a more direct effect on the financial reporting process typically are included within the scope of management’s evaluation. Relevant IT general control objectives usually relate to:

       Logical access to programs and data

       Physical access to computer hardware and the physical environment within which the hardware operates

       System development and change

       Effect on the internal audit function

      The following questionnaire will help the auditor assess risk. The existence of a condition covered by the questionnaire does not mean errors or fraud have occurred; it is a warning sign indicating increased risk in the audit areas affected. The questionnaire should be modified in accordance with the size and complexity of the entity.

      Illustration 1. Risk Assessment Questionnaire

      [Client]

      [Audit date]

[Prepared by/Date]
[Reviewed by/Date]

       Instructions

      The purpose of this questionnaire is to document and assess audit risk. It should be part of audit planning and updated during the audit. (AU-C 260.15)

      The information required to complete this questionnaire comes from the following sources:

      1 Client responses to our inquiries

      2 Our knowledge of general and industry economic conditions

      3 Our knowledge of the client

      This questionnaire is divided into two major sections: external and internal factors. It is designed so that every “Yes” answer adversely affects risk exposure.

      For every “Yes” answer, the item should be referenced to the appropriate audit documentation. The audit documentation should state our assessment of the effect of the condition on the risk of material errors or fraud.

       External Factors

Yes No Working paper reference
General Economic and Financial Conditions Are there trade or other barriers to the client’s international business?Have the client’s domestic markets suffered from high unemployment?Have the client’s domestic markets suffered from high inflation?Has legislation passed that adversely affects the client?Are interest rates high in relation to the client’s capital needs?Has the client’s business been adversely affected by changes in the following:Interest rates?Unemployment rates?Money supply?Foreign currency exchange rates?Overall business conditions (depression, recession, inflation)?

       Internal Factors

Yes No Working paper reference