Please enable JavaScript.
Coggle requires JavaScript to display documents.
Audit procedures which respond to risks (Identify and assess CR (Design…
Audit procedures which respond to risks
Identify and assess CR
Design
Are controls THEORETICALLY (in the system description/ management inquiry) capable of mitigating risks
WE ARE NOT TESTING IF IT ACTUALLY WORKS JUST THAT IS IT THERE AND WOULD MITIGATE RISKS
Implementation
Are the controls actually used/there
Only after D&I of controls is completed can we test for operating effectiveness (Test of controls)
Identify and assess IR
Requireds
Recommend controls
Draw a picture of the cycle and for risks provide a control to mitigate the risk
know how the cycle is: INITIATED+ EXECUTED+ RECORD+ PROCESSED+ ENDED (apply controls to each part)
Structure NB BE AS SPECIFIC AS YOU CAN BE
Who/what is doing the control
On what document/process
Why are they doing the control
GENERICS look to book one
Output
Input
Master-file amendments
Access controls
Application is cycle specific
General is for the entire system
ROMM THE MARKS ARE FOR THE RISK FACTORS NOT THE RISK
STRUCTURE: What could go wrong in the AFS due to RISK FACTORS FROM THE SCENARIO
Overall Level
FRAUD RISK
Incentive from management
JSE listed
Poor governance displayed by management
If not a follow on must give couple of gov concerns as per normal structure
Going concern
IFRS complexity/ Error
Be specific about what the issues are with regards to a standard that is all over the AFS
Assertion level
Relate to a specific balance, look to generics for substantive procedure test of details and then use that as your risk
Go according to appearance in the scenario
Overall level risks can be made to be assertion level IF RELATE TO THAT SPECIFIC ACCOUNT AND ARE APPLIED