entity-level is the top down, at high scale approach, and it's important because if you find that things are working then you don't have to keep going and test things at the operations level, transaction level I mean...
but I thought you had to for issuers no matter what...
maybe auditing the internal controls is sufficient if it works, or: they are auditing for internal control, it's just that sometimes they don't have to drill down to the transaction level
that's the second question. No, I don't think so. understanding will suffice. No, that can't be right, you have to test for each relevant assertion
answer: it depends on whether this is an issuer, or nonissuer, if you're a nonissuer, then you might not TEST internal controls because they may be too ineffective
but it looks like for an issuer you have to because you're doing an integrated audit
three ways?
- narrative
- flow chart
- questionnaire
No comments:
Post a Comment