1) What do you do if you are unable to determine internal controls?
2) Which do you think is most important?
The two types of audit tests are tests of controls and the substantive tests. The tests of controls are tests that are designated to reduce assessed risk and their assessment of risks of misstatement of materials at assertion level includes the expectation that controls are effectively operating. The test controls are often used to establish whether controls within a system are efficiently and effectively functioning so that the auditors can determine whether or not to rely on the controls during the auditing activity (Eilifsen, Messier, Glover, & Prawitt, 2010). Examples of tests of controls include observation of how specific controls are applied, inquiries of management and general staff, walk-throughs, inspection of documents, re-performance, and electronic files and reports.
3) Evidence obtained from procedures to obtain an understanding should be used by the auditor to (1) identify types of potential misstatements and (2) consider factors that affect the risk of material misstatements, such as whether controls necessary to prevent or detect the misstatements have been designed and placed in operation. This knowledge should enable the auditor to make an initial assessment of control risk for an assertion. During this process the auditor may obtain some evidence about the effectiveness of the design and operation of internal controls. However, such evidence rarely is sufficient to allow the auditor to assess control risk at moderate or low.
Evidence obtained from tests of controls pertains to the effectiveness of the design and/or operation of the control tested and may be used in making a final assessment of control risk for an assertion.
1) If the auditor is unable to determine internal controls, for whatever reason, the auditor needs to state that the internal control environment could not be assessed. Most auditors will withdraw from an engagement when internal controls cannot be determined, because it puts the auditor at too high of a level of professional risk. If internal controls cannot be assessed, the auditor really needs to look at why they can't be assessed. Many times, management has circumvented the proper channels, making it impossible for an auditor to assess the internal ...
This solution discusses what an auditor should do if the auditor is unable to determine internal controls and what the most important action is. This solution also provides comments based on the auditing information given.