PSA 315: CONSIDERATION OF

INTERNAL
TEXT

“Assessing control risk is the process of

evaluating the design and operating
effectiveness on an entity’s internal control
as to how it prevents or detects material
misstatements”
OBJECTIVE

The objective of the auditor is to identify and

assess the risks of material misstatement, whether
due to fraud or error, at the financial statement and
assertion levels, through understanding the entity
and its environment, including the entity’s internal
control, thereby providing a basis for designing and
implementing responses to the assessed risks of
material misstatement.
DEFINITION: PSA 315

Internal control is the process (1) designed,

implemented and maintained by those charged
with governance (2), management and other
personnel to provide reasonable assurance (3)
about the achievement of an entity’s objectives (4)
with regard to reliability of financial reporting,
effectiveness and efficiency of operations, and
compliance with applicable laws and regulations.
COMPONENTS: DIVISION OF INTERNAL CONTROL INTO
COMPONENTS

(a) The control environment;

(b) The entity’s risk assessment process;
(c) The information system, including the related
business processes, relevant to financial reporting,
and communication;
(d) Control activities; and
(e) Monitoring of controls.
COMPONENTS OF INTERNAL CONTROL—CONTROL ENVIRONMENT

The control environment includes the governance

and management functions and the attitudes,
awareness, and actions of those charged with
governance and management concerning the
entity’s internal control and its importance in the
entity. The control environment sets the tone of an
organization, influencing the control consciousness
of its people.
COMPONENTS OF INTERNAL CONTROL—CONTROL ENVIRONMENT

(a) Communication and enforcement of integrity

and ethical values – These are essential elements
that influence the effectiveness of the design,
administration and monitoring of controls.
(b) Commitment to competence – Matters such as
management’s consideration of the competence
levels for particular jobs and how those levels
translate into requisite skills and knowledge.
COMPONENTS OF INTERNAL CONTROL—CONTROL ENVIRONMENT

(c) Participation by those charged with governance –

Attributes of those charged with governance such as:
• Their independence from management.
• Their experience and stature.
• The extent of their involvement and the information
they receive, and the scrutiny of activities.
• The appropriateness of their actions, including the
degree to which difficult questions are raised and pursued
with management, and their interaction with internal and
external auditors.
COMPONENTS OF INTERNAL CONTROL—CONTROL ENVIRONMENT

(d) Management’s philosophy and operating style –

Characteristics such as management’s:
• Approach to taking and managing business risks. •
Attitudes and actions toward financial reporting. •
Attitudes toward information processing and
accounting functions and personnel.
(e) Organizational structure – The framework within
which an entity’s activities for achieving its
objectives are planned, executed, controlled, and
reviewed.
COMPONENTS OF INTERNAL CONTROL—THE ENTITY’S RISK ASSESSMENT
PROCESS

The entity’s risk assessment process forms

the basis for how management determines
the risks to be managed. If that process is
appropriate to the circumstances, including
the nature, size and complexity of the entity,
it assists the auditor in identifying risks of
material misstatement. Whether the entity’s
risk assessment process is appropriate to the
circumstances is a matter of judgment.
COMPONENTS OF INTERNAL CONTROL—THE INFORMATION SYSTEM,
INCLUDING THE RELATED BUSINESS PROCESSES, RELEVANT TO
FINANCIAL REPORTING, AND COMMUNICATION

The information system relevant to financial reporting

objectives, which includes the accounting system, consists of
the procedures and records designed and established to:
• Initiate, record, process, and report entity transactions (as
well as events and conditions) and to maintain accountability
for the related assets, liabilities, and equity;
• Resolve incorrect processing of transactions, for example,
automated suspense files and procedures followed to clear
suspense items out on a timely basis;
• Process and account for system overrides or bypasses to
controls;
COMPONENTS OF INTERNAL CONTROL—THE INFORMATION SYSTEM,
INCLUDING THE RELATED BUSINESS PROCESSES, RELEVANT TO
FINANCIAL REPORTING, AND COMMUNICATION

• Transfer information from transaction processing

systems to the general ledger;
• Capture information relevant to financial reporting for
events and conditions other than transactions, such as
the depreciation and amortization of assets and changes
in the recoverability of accounts receivables; and
• Ensure information required to be disclosed by the
applicable financial reporting framework is accumulated,
recorded, processed, summarized and appropriately
reported in the financial statements.
COMPONENTS OF INTERNAL CONTROL—CONTROL ACTIVITIES

Control activities are the policies and procedures that help

ensure that management directives are carried out.
Examples of specific control activities include those
relating to the following:
• Authorization.
• Performance reviews.
• Information processing.
• Physical controls.
• Segregation of duties.
COMPONENTS OF INTERNAL CONTROL—MONITORING OF CONTROLS

Monitoring of controls is a process to assess the effectiveness

of internal control performance over time. It involves assessing
the effectiveness of controls on a timely basis and taking
necessary corrective actions.
An important management responsibility is to establish and
maintain internal control on an ongoing basis.
Internal auditors or personnel performing similar functions
may contribute to the monitoring of an entity’s controls
through separate evaluations.
Monitoring activities may include using information from
communications from external parties that may indicate
problems or highlight areas in need of improvement.
COMPONENTS OF INTERNAL CONTROL—MONITORING OF CONTROLS

Monitoring of controls is a process to assess the effectiveness

of internal control performance over time. It involves assessing
the effectiveness of controls on a timely basis and taking
necessary corrective actions.
An important management responsibility is to establish and
maintain internal control on an ongoing basis.
Internal auditors or personnel performing similar functions
may contribute to the monitoring of an entity’s controls
through separate evaluations.
Monitoring activities may include using information from
communications from external parties that may indicate
problems or highlight areas in need of improvement.
THE REQUIRED UNDERSTANDING OF THE ENTITY AND ITS ENVIRONMENT,
INCLUDING THE ENTITY’S INTERNAL CONTROL

The Entity and Its Environment

Industry Factors
Relevant industry factors include industry conditions such as
the competitive environment, supplier and customer
relationships, and technological developments. Examples of
matters the auditor may consider include:
The market and competition, including demand, capacity,
and price competition.
Cyclical or seasonal activity.
Product technology relating to the entity’s products.
Energy supply and cost.
THE REQUIRED UNDERSTANDING OF THE ENTITY AND ITS ENVIRONMENT,
INCLUDING THE ENTITY’S INTERNAL CONTROL

The Entity and Its Environment

Regulatory Factors
Relevant regulatory factors include the regulatory environment. The regulatory
environment encompasses, among other matters, the applicable financial
reporting framework and the legal and political environment. Examples of matters
the auditor may consider include:
Accounting principles and industry specific practices.
Regulatory framework for a regulated industry.
Legislation and regulation that significantly affect the entity’s operations,
including direct supervisory activities.
Taxation (corporate and other)
Government policies currently affecting the conduct of the entity’s business,
Environmental requirements affecting the industry and the entity’s business.
THE REQUIRED UNDERSTANDING OF THE ENTITY AND ITS ENVIRONMENT,
INCLUDING THE ENTITY’S INTERNAL CONTROL

The Entity and Its Environment

Other External Factors
Examples of other external factors
affecting the entity that the auditor may
consider include the general economic
conditions, interest rates and availability
of financing, and inflation or currency
revaluation.
NATURE OF THE ENTITY

The Nature of the Entity

An understanding of the nature of an entity
enables the auditor to understand such
matters as:
Whether the entity has a complex structure,
for example with subsidiaries or other
components in multiple locations.
The ownership, and relations between
owners and other people or entities
NATURE OF THE ENTITY

The Nature of the Entity

Examples of matters that the auditor may consider when
obtaining an understanding of the nature of the entity include:
Business operations such as
○ Nature of revenue sources, products or services, and
markets, including involvement in electronic commerce such
as Internet sales and marketing activities.
○ Conduct of operations (for example, stages and methods of
production, or activities exposed to environmental risks).
○ Alliances, joint ventures, and outsourcing activities.
○ Geographic dispersion and industry segmentation.
NATURE OF THE ENTITY

The Nature of the Entity

Examples of matters that the auditor may consider when
obtaining an understanding of the nature of the entity
include: Investments and investment activities such as
○ Planned or recently executed acquisitions or
divestitures.
○ Investments and dispositions of securities and loans.
○ Capital investment activities.
○ Investments in non-consolidated entities, including
partnerships, joint ventures and special-purpose entities.
NATURE OF THE ENTITY

The Nature of the Entity

Examples of matters that the auditor may consider when
obtaining an understanding of the nature of the entity include:
Financing and financing activities such as
Major subsidiaries and associated entities, including
consolidated and nonconsolidated structures.
Debt structure and related terms, including off-balance-sheet
financing arrangements and leasing arrangements.
Beneficial owners (local, foreign, business reputation and
experience) and related parties.
Use of derivative financial instruments.
NATURE OF THE ENTITY

The Nature of the Entity

Examples of matters that the auditor may consider when
obtaining an understanding of the nature of the entity
include: Financial reporting such as
Accounting principles and industry specific practices,
including industry specific significant categories
Revenue recognition practices.
Accounting for fair values.
Foreign currency assets, liabilities and transactions.
Accounting for unusual or complex transactions including those in controversial or emerging areas