Our methodology is directed to the components of the internal control framework, the Committee of Sponsoring Organizations (COSO) and the Enterprise Risk Management (ERM), based on the company strategies, we design the procedures necessary to identify potential events that may affect the entity based on the risks associated with achieving the objectives. This risk assessment starts at the customer acceptance stage and is performed throughout the audit process.
We will evaluate the Control Environment through the comprehensive risk philosophy, the level of risk assumed by senior management, the board's oversight, integrity and ethical values of management, as well as levels of responsibility and appropriate segregation of functions.
We will evaluate the objectives established to determine the risks associated to the business and audit risks that could affect the opinion of the financial statements.
We will identify the potential events that may occur and affect the business, both external and internal, as part of our overall business knowledge.
Identificaremos los eventos potenciales que pudieran ocurrir y que afecten al negocio, tanto externo como interno, como parte de nuestro conocimiento del negocio a nivel general.
We will carry out a risk assessment that allows us to identify the potential risks in which the business is exposed and the auditing risks that exist.
We will evaluate the responses to the risks that management establishes according to the level of tolerance: 1) if it is avoided, 2) if it is mitigated, 3) if it is shared or 4) if it is accepted.
Within control activities, our approach is based on the existing policies and procedures that assure management that risks are executed in an appropriate and timely manner. We well determine whether existing controls are preventive, detective or corrective.
We will analyze the level of information and communication used by management for knowledge of integrated strategies and systems, the integration of operations, timeliness and depth of information, the quality of information and the source of information.
We will also monitor the significant information, reports and documents that support the financial information.
Review of the areas of the financial statements
We will review procedures to obtain audit evidence about the amounts that support the disclosures in the financial statements.
Preparation and presentation of the draft audit report
We will prepare a draft of the financial statements to present it to the Board of Directors and Shareholders, in which will be discussed the disclosures made and the audit opinion.
Presentation of identified findings
We will make a letter addressed to the Board of Directors and Shareholders with the points and findings detected in the audit process. It will include the identified finding, the recommendations and, subsequently, the comments of the management, as established in SAS 61 about communication with the audit committee and / or Board of Directors and Shareholders.
Representation of management
Management will provide us certain representations required by us on all statements made during the audit process.