ACCA F8 考试：Methods for Understanding Internal Control
■ To be able to understand internal control, the design of a control and then its implementation must be ascertained by the auditor.
□ Evaluating the design of a control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements.
□ Implementation of a control means that the control exists and that the entity is using it.
□ A poorly designed control may still result in a material misstatement regardless of the fact that it is being correctly operated.*
■ Risk assessment procedures to obtain sufficient evidence about the design of internal control include previous experience, inquiry, observation, inspection and walkthroughs
experience■Past understanding and assessments carried out （as recorded in the PAF）. This must be updated when changes have occurred in the current year.
Inquiry■ Usually of entity personnel （e.g. management, internal audit, those charged with governance, operational personnel）.
Observation■ Reviewing the application of specific controls, especially in manual systems （e.g. inventory counts, inspection of goods received, enforcement of ethical practices）.
Inspection■ Documents and reports, for example:
□ the entity's risk-strategy assessment and response;
□ internal control procedure manuals;
□ management reports;
□ system and control error reports;
□ internal audit testing programmes （including reports to management and management response）.
Walk-through■ Desktop walk-through, supported by design and procedural manuals, to gain a theoretical understanding of the controls in a system.
■ Tracing a separate transaction through each relevant element of the control system （e.g. the sales system） and reviewing the design of appropriate controls.
■ This will often require the use of computer audit assisted techniques to enable the transaction to be traced through computer-based information systems （IS）.