How does the understanding of internal control differ for assertions where the auditor plans a lower assessed level of control risk approach versus a primary substantive approach? How would you as the auditor, document this understanding of an entity's internal controls? Is there such a thing as a "good" control or a "bad" control other than being effective?© BrainMass Inc. brainmass.com October 25, 2018, 9:22 am ad1c9bdddf
How does the understanding of internal control differ for assertions where the auditor plans a lower assessed level of control risk approach versus a primary substantive approach?
When an auditor assesses control risk below the maximum, he must test those controls to be sure the assessment of less than maximum is warranted. That is, for the controls he understands, are they actually working or not? If they are designed but not working, he must treat it as if it was not even there. In a primarily substantive approach, the control risk is assessed at the maximum and there is no reliance on controls in gathering evidence and much more ...
Your discussion is 344 words and gives examples of good versus bad (strong vs weak) internal controls and how the auditor documents and responds to the understanding of controls in their testing.
Auditing - Assessing control risk
An auditor is required to obtain a sufficient understanding of each of the components of an entity's system of internal control to plan the audit of the entity's financial statements and to assess control risk for the assertions embodied in the account balance, transaction class, and disclosure components of the financial statements.
a. Explain the reasons an auditor may assess control risk at the maximum level for one or more assertions embodied in an account balance.
b. What must an auditor do to support assessing control risk at less than the maximum level when the auditor has determined that controls have been placed in operation?
c. What should an auditor consider when seeking a further reduction in the planned assessed level of control risk?
d. What are an auditor's documentation requirements concerning an entity's system of internal control and the assessed level of control risk?View Full Posting Details