The ISA 315, has divided the entity’s
internal control process in to five components. One among these components is
the Information Systems. According to ISA 315, while conducting the audit of
financial statements, the auditor needs to obtain an understanding of the
information system, including the related business processes, relevant to
financial reporting, including the following areas:
·
The
classes of transactions in the entity’s operations that are significant to the
financial statements;
·
The
procedures, within both information technology and manual systems, by which
those transactions are initiated, recorded, processed, corrected as necessary,
transferred to the general ledger and reported in the financial statements;
·
The
related accounting records, supporting information and specific accounts in the
financial statements that are used to initiate, record, process and report
transactions;
·
How
the information system captures events and conditions, other than transactions,
that are significant to the financial statements;
·
The
financial reporting process used to prepare the entity’s financial statements,
including significant accounting estimates and disclosures; and
·
Controls
surrounding journal entries, including non-standard journal entries used to
record non-recurring, unusual transactions or adjustments.
The information system
relevant to financial reporting objectives, which includes the accounting
system, consists of the procedures and records designed and established to:
·
Initiate,
record, process, and report entity transactions (as well as events and
conditions) and to maintain accountability for the related assets, liabilities,
and equity;
·
Resolve
incorrect processing of transactions, for example, automated suspense files and
procedures followed to clear suspense items out on a timely basis;
·
Process
and account for system overrides or bypasses to controls;
·
Transfer
information from transaction processing systems to the general ledger;
·
Capture
information relevant to financial reporting for events and conditions other
than transactions, such as the depreciation and amortization of assets and
changes in the recoverability of accounts receivables; and
·
Ensure
information required to be disclosed by the applicable financial reporting
framework is accumulated, recorded, processed, summarized and appropriately
reported in the financial statements.
Practice
Significant and rapid changes
in information systems can change the risk relating to internal control. The
extent and nature of the risks to internal control vary depending on the nature
and characteristics of the entity’s information system. The entity should respond
to the risks arising from the use of IT in internal control by establishing
effective controls in light of the characteristics of the entity’s information
system.
