Internal control is the process designed by those charged with governance, management and other personnel to provide reasonable about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations.

Control environment includes the governance and management functions and the attitudes, awareness and actions of those charged with governance and management concerning the entity’s internal control and its importance in the entity.

Commitment to competence – Management’s consideration of the competence levels for particular jobs and how those levels translate into requisite skills and knowledge
Organizational structure – The framework within which an entity’s activities for achieving its objectives are planned, executed, controlled and reviewed.
Human resource policies and practices – recruitment, orientation, training, evaluating, counseling, promoting, compensating and remedial actions.

The entity’s risk assessment process means the auditor should obtain an understanding of the entity’s process for (1) identifying business risks relevant to financial reporting objectives, (2)estimates the significance risks, (3)assesses the likelihood of their occurrence and (4)decides upon action to manage business risk.
得到(明白)整個過程為左識別風險(About FR)->估計風險意義->評估發生可能性->決定行動去管理風險.

The auditor is required to consider the information system relevant to financial reporting objectives, including the accounting system .Auditor should obtain an understanding of the information systems including the related business processes, relevant to financial reporting, including the following areas (examples):
  The classes of transactions in the entity’s operations those are significant to the financial statements.
  Transactions are initiated, recorded, processed and reported in the financial statements.
  The related accounting records, whether...