5.61 Internal Control Audit Standards. Auditors are required to obtain a suffici

Question

5.61 Internal Control Audit Standards. Auditors are required to obtain a sufficient under- standing of each component of a client's internal control. This understanding is used to assess control risk and plan the audit of the client's financial statements Required: a. For what purposes should an auditors' understanding of the internal control components be used in planning an audit? b. What is required for an audit team to assess control risk below the maximum level? c. What should an audit team consider when seeking to reduce the planned assessed level of control risk below the maximum? d. What are the documentation requirements concerning a client's internal control compo- nents and the assessed level of control risk?

Explanation / Answer

a.            In planning an audit, the auditors’ understanding of the internal control components should be used to identify the types of potential misstatements that could occur, to consider the factors affecting the risk of material misstatement, and to influence the design of substantive procedures.

b.            An audit team obtains an understanding of the design of relevant internal control activities (policies and procedures) and whether they have been implemented. Assessing control risk below the maximum level further involves identifying specific control activities (policies and procedures) relevant to specific assertions that are likely to prevent or detect material misstatements in those assertions. It also involves performing tests of controls to evaluate the operating design and effectiveness of the client’s control activities.

c.             When seeking a reduction in the assessed level of control risk below the maximum, an audit team should consider whether additional audit evidence sufficient to support the reduction is likely to be available, and whether it would be efficient to perform tests of controls to obtain that audit evidence. If controls are tested and found to be effective, the final control risk assessment is low and detection risk can be set higher. As a result, the nature, timing, and extent of substantive procedures would likely be adjusted to reflect the increase in detection risk.

d.            An audit team should document the understanding of a client’s internal control system components to plan the audit as well as the basis for the conclusion about the assessed level of control risk. In situations where the control risk is assessed at maximum level, the auditors are required to document their conclusion. They should also document their reasoning. However, if the assessed level of control risk is below the maximum level, the audit team should document the basis for the conclusion that the effectiveness of the design and operation of internal control activities supports that assessed level.

Related Questions

Navigate

• Browse (All)
• Browse 5
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.