Auditors should understand the five components of internal control that are sufficient to assess the risk of material misstatement of the financial statements, whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures. When performing the risk assessment of a potential client, auditors should use sufficient understanding to come to this conclusion. Explain the difference between sufficient understanding and satisfactory and reliable evidence. What steps does an auditor take to determine the overall sufficiency and appropriateness of evidence? 250 Words.
The five components of internal control are
1. Control environment (tone at the top, entity-level controls)
2. Risk assessment (knowing where you are most vulnerable)
3. Control activities (account-level controls, reconciliations, segregation of duties, passwords and so forth)
4. Communication and information (reporting the activities of the business, including financial reporting)
5. Monitoring (ways of finding out if the controls are ...
Your discussion is 256 words and gives you the five components of internal control (with a reference), a discussion about how understanding and evidence differ and a discussion about how you know when evidence is sufficient.