The auditor’s understanding of the design and implementation of internal control components
In this guide the Audit and Assurance Faculty highlights practical considerations, and presents examples of the types of work to be performed by auditors when obtaining an understanding of the design and implementation of internal control components in relation to audits of smaller, less complex entities.
The risk ISAs were introduced in 2003 using the five component classification of the US COSO framework. This framework has been widely used since 1992 and has stood the test of time. ISA 315 does not require auditors to use it, provided that all of the components are covered, but many if not most firms and the providers of proprietary software systems find this a convenient framework to use.
Auditors are required to evaluate whether: