Auditing Assurance in HK (6th Ed) - Ch.16 A
[Figure: The entity’s system of internal control, shown with the applicable financial reporting framework, the entity and its environment, and inherent risk factors. Indirect controls: a. Control environment; b. Risk assessment process; c. Process to monitor the system of internal control. Direct controls: d. Information system and communication; e. Control activities. Final box: Control deficiencies.]
© Peter T. Y. Lau and Nelson C. Y. Lam
© Pilot Publishing Co. Ltd. 2021 Auditing and Assurance in Hong Kong
5. Understanding an Entity’s System of Internal Control
• In a financial statement audit, HKSA 315 requires an
auditor to obtain an understanding of:
a. The control environment relevant to the preparation of the
financial statements;
b. The entity’s risk assessment process relevant to the preparation
of the financial statements;
c. The entity’s process for monitoring the system of internal control
relevant to the preparation of the financial statements;
d. The entity’s information system and communication relevant to
the preparation of the financial statements; and
e. The control activities component of the entity.
• In addition to understanding the above 5 components,
HKSA 315 requires the auditor to evaluate them and
determine whether there are control deficiencies.
6. Control Environment
How to understand?
➢ Through a combination of inquiries and other risk assessment
procedures (i.e. corroborating inquiries through observation or
inspection of documents).
➢ For example:
– Inquiries of management and employees: how management communicates
to employees its views on business practices and ethical behavior
– Inspecting management’s written code of conduct and observing
whether management acts in a manner that supports that code.
• Together with the documentation set out in Chapter 15, the auditor is
required to include the following documentation:
a. The discussion among the engagement team and the significant
decisions reached;
b. Key elements of the auditor’s understanding obtained in respect of the
entity;
c. The sources of information from which the auditor’s understanding was
obtained;
d. The risk assessment procedures performed;
e. The evaluation of the design of identified controls, and determination;
and
f. The identified and assessed risks of material misstatement at the
financial statement level and at the assertion level, including significant
risks and risks for which substantive procedures alone cannot provide
sufficient appropriate audit evidence, and the rationale for the
significant judgments made (see Ch. 17)