Tasks assigned to auditors in accordance with this Standard:

1. auditors monitor and evaluate the effectiveness of the existing risk management system; 

2. auditors assess the risks, sufficiency and effectiveness of control in the sphere of corporate governance.

 The risk management functions have been additionally added to the internal audit functions set out in ISA 610. The definition of the internal control system is given in PSAD No. 8 "Understanding the activities of the audited entity, the environment in which it is carried out and the assessment of risks of material misstatement of the audited financial (accounting) statements," [5, paragraphs 41, 42.] "The internal control system represents is a process organized and implemented by representatives of property, management, and other employees of the audited entity to provide sufficient confidence in achieving the objectives in terms of financial reliability (accounting the) reporting, effectiveness and efficiency of business operations and compliance of the entity regulatory legal acts. This means that the organization of the internal control system and its operation are aimed at eliminating any risks of economic activity that threaten achievement of any of these goals. 

 

The internal control system includes the following elements:

 - control environment;

 - process of risk assessment by the entity being audited;

- information system, including those related to the preparation of financial (accounting) statements;

- control actions;

- monitoring of controls ".

 

 From this definition it largely coincides with the concepts and definitions given by COSO. It is noted that internal control in the understanding of COSO is based on the integration into business processes of certain procedures ensuring the implementation of management decisions with minimal risks. Depending on the purpose, all control procedures can be divided into four groups: directive, preventive, detective and corrective. Directing functions should be the management of the enterprise: the creation of an organizational structure, the adoption of corporate rules and regulations, planning, the implementation of certain policy procedures, the control of information flows, the creation of a system of motivation. To the legislative functions is also the control of powers - control, the performance of their duties, the division of powers in the management of the enterprise, when committed.

In many enterprises, economic security services have long been functioning, which partially carry out preventive functions (for example, checking the reliability of counterparties, participating in the inventory of commodity values, organizing internal control of fixed assets, raw materials and materials, controlling sales of products), and also carrying out detective functions: identification of undesirable events, their prevention, finding out the causes of the offensive, ensuring information security. Other preventive and corrective functions refer to the financial unit of the enterprise. 

Prophylactic functions: control of documentary registration, ie ensuring that all authorized transactions are reflected, including control of product sales, monitoring of cash receipts, control of accounts payable, settlements with the budget, checking the correctness of accounting for production costs; providing information for making managerial decisions, providing financial information, managing risks; corrective functions: control of the implementation of budgets and other current plans, determination of deviations and identification of the causes of their occurrence.

 One of the trends in the development of audit, including internal audit, is the expansion of its goals and objectives and transformation from a merely supervisory body to a body whose purpose is to establish strategic opportunities for the development of the enterprise, conduct strategic analysis and determine the prospects for development. Therefore, the functions of internal audit can be divided into two groups: strategic and current. 

 

The strategic functions of internal audit include:

- monitoring the external environment of the enterprise; 

- Participation in the development of the enterprise development strategy; 

- creation of a risk assessment system, risk management; 

- evaluation of investment and other projects. 

 

From the above lists of internal control and internal audit functions, directive and detective functions are inherent only in internal control, and preventive and corrective functions are inherent in both internal control and internal audit, but internal audit has also strategic functions that are not used in internal control. The choice of specific functions of internal control and internal audit cannot be standardized and depends on the goals and tasks that each enterprise determines for itself and performs. Also, the choice is determined by the size of the organization, its organizational structure, management structure.