369 paragraphs found
The nature and extent of procedures to gain this understanding are a matter for the assurance practitioner’s professional judgement and will depend on factors such as: the entity’s size and complexity; the nature of the system to be examined, including …
The extent to which an understanding of the IT controls is required, and the level of specialist skills necessary, will be affected by the complexity of the computer system, extent of computer use and importance to the entity, and the extent to which …
As noted in paragraph 17(g) , control objectives relate to risks that controls seek to mitigate. The entity is responsible for identifying the risks that threaten achievement of the control objectives which are either stated in the entity’s description …
In practice, in an engagement where there is no description prepared by the responsible party, the assurance practitioner’s work in identifying the relevant control objectives to be addressed may help to formalise the risk assessment …
Consideration of risks may need to go beyond the immediate system. For example, risks may arise as a result of matters which may influence behaviour, such as basis of remuneration, bonuses or the performance measures applied to employees. Factors such …
When identifying and assessing the risk of material control deficiencies or deviations, the assurance practitioner may consider the following factors: that it is unreasonable for the cost of a control to exceed the expected benefits to be derived; …
The use of IT affects the way in which control activities are implemented. From the assurance practitioner’s perspective, controls over IT systems are effective when they maintain the security, confidentiality, privacy and integrity of the data which …
General IT controls are policies and procedures that relate to many software applications and support the effective functioning of process controls. Deficiencies in general IT controls can undermine the effectiveness of process controls and may render …
Process controls are manual or automated procedures that typically operate at a business process level and apply to the processing of data by individual software applications. Process controls can be preventive or detective in nature and are designed to …
Generally, IT benefits an entity’s internal control by enabling an entity to: consistently apply predefined criteria and perform complex calculations in processing large volumes of transactions or data; enhance the timeliness, accessibility, availability, …