Share
Explore BrainMass

Assess internal controls at max: substantive tests, controls

How does the understanding of internal control differ for assertions where the auditor plans a lower assessed level of control risk approach versus a primary substantive approach? How would you as the auditor, document this understanding of an entity's internal controls? Is there such a thing as a "good" control or a "bad" control other than being effective?

Solution Preview

How does the understanding of internal control differ for assertions where the auditor plans a lower assessed level of control risk approach versus a primary substantive approach?

When an auditor assesses control risk below the maximum, he must test those controls to be sure the assessment of less than maximum is warranted. That is, for the controls he understands, are they actually working or not? If they are designed but not working, he must treat it as if it was not even there. In a primarily substantive approach, the control risk is assessed at the maximum and there is no reliance on controls in gathering evidence and much more ...

Solution Summary

Your discussion is 344 words and gives examples of good versus bad (strong vs weak) internal controls and how the auditor documents and responds to the understanding of controls in their testing.

$2.19