This document discusses controls and audit objectives for system-based auditing. It outlines two levels of control: control environment and control activities. The control environment includes factors like ethical values, risk awareness, operating procedures, organizational structure, staff competence, and management oversight. Control activities are specific policies and procedures to address risks, like separation of duties, authorization of transactions, documentation, and asset protection. The document also distinguishes between transaction-related and balance-related audit objectives, providing examples of objectives for both categories like occurrence, completeness, accuracy, and regularity.

1. © OECD
A joint initiative of the OECD and the European Union, principally financed by the EU
Tirana, 10-12 September 2014
Workshop System Based Auditing
Defining controls

2. 2

3. 3

4. 9.1 Two levels of control
•Control environment
•Control activities
=> to be matched with audit objectives
4

5. 9.2 Control environment
The control environment includes management’s philosophy and operating
style, the assignment of responsibilities and the policing of control
procedures. Factors of control environment include the management policy,
awareness and procedures related to the control environment.
These factors include:
• Ethical values and management’s integrity
•The setting of objectives by management and management’s risk awareness;
•The management’s operating style (for example by way of codes of conduct and procedural manuals) and the organisational structure;
•how management assign responsibility, for example by the organisational structure and separation of duties;
•management’s policies to retain competent staff, such as recruitment and training policies;
•management oversight of control procedures and the operation of the accounting system, including management review of transactions and budget monitoring (including internal audit);
5

6. 9.3 CONTROL ACTIVITIES
These are policies and procedures that help ensure that necessary actions are taken to address risks to the achievement of the entity’s objectives
Types are
Adequate separation of duties,
Proper authorisation of transactions and activities,
Adequate documents and records,
Physical controls over assets and records,
Independence checks on performance
6

7. 9.4 Types of audit objectives
•Transaction-related audit objectives
•Balance-related audit objectives
7
7

8. 9.5 Transaction related audit objectives
Transaction-related:
Occurrence
Completeness
Accuracy
Cut off
Classification
Regularity
Audit objectives:
Occurrence
Completeness
Accuracy
Posting and summarisation
Timing
Classification
Regularity
8

9. 9.6 Balance related audit objectives
Balance related:
Existence
Completeness
Valuation and allocation
Rights and responsibilities
Regularity
Audit objectives:
Existence
Completeness
Accuracy
Detail ti-in
Cut off/Timing
Classification
Realisable value
Rights and obligations
Regularity
9

10. 9.7 Transactions-related audit objectives
•Occurrence – recorded transaction occur.
•Completeness – all existing sales transactions are recorded.
•Accuracy – recorded transactions are stated at the correct amounts.
•Classification – transaction included in the client’s records are properly classified.
•Timing – transactions are recorded on the correct dates.
•Posting and summarization – recorded transactions are updated to the master files and are correctly summarized.
•Regularity - transactions must be in accordance with law and regulations
10
10

11. 11
9.8 Balance-related audit objectives
•Existence – amounts included exist.
•Completeness – all existing amounts are included
•Accuracy – amounts included are stated at the correct amounts
•Detail tie-in – account balances are supported by details in master files and schedules prepared by entity
•Cut off /Timing – transactions are recorded in proper period
•Classification – amounts included in the client’s listing are properly classified
•Realisable value – assets are included at the amounts estimated to be realised.
•Rights and responsibilities- assets and liabilities must be owned by the entity.
•Regularity - assets/liabilities must be obtained and maintained legally
13

12. QUESTIONS?
12