Comptronix Case

Risk monitoring and control is the next step and involves the owners of the risks to monitor various risk triggers. This works by scanning the project environment for both identified and unidentified threats and opportunities much like a radar screen (Marchewka, 2009). This approach directly relates to how to respond to the risk. Risk response allows the owner of the risk to commit resources and take actions once the risk is known or opportunity is available. This action usually follows the planned risk strategy.

Audit Risk Assessment can be done by this Audit Risk Model. This model consists of 3 types of risks i.e., inherent risk, control risk and detection risk. Eventually, audit risk is a product of these 3 types of risks (Griffiths, 2012).

Knowledge about risks related to the company evaluated as part of the auditor 's client acceptance and retention evaluation; and the relative complexity of the company 's operations. ( Auditing Standard No. 9 //. (n.d.).

The design and implementation and objectives of company controls are not adequate to meet the control objectives. The control environment control objective is ineffective. This control objective lacks a written policy on ethical conduct, is lacking oversight from the board of directors and audit committee, lacks a consistent style and philosophy from management, and lacks a strong commitment to competence. The risk assessment control objective is effective but lacks any antifraud program and controls. The information and communication control is ineffective. A virus has been detected and is affecting the files of the company. This control is lacking a strong IT department. The general controls financial reporting control objective is effective but is weak in detecting or preventing material misstatement. The monitoring control objective is ineffective; this control has need of an internal auditor.

Q1. What is the link between audit risk and engagement risk? How does the audit risk model allow the auditor to deal with these risks in the most cost effective manner?

CAS 300 requires auditors to their audit using a risk based model where the nature, timing and extent of audit procedures are based on the assessed risk of material misstatement. Pickett (2006) argues that for audits to be effective and efficient, much of the audit effort should be focused on areas that are considered to pose the highest audit risk. Additional audit procedures should be linked to individual audit assertions whereas other audit procedures need to be performed as and when needed. Thus, for an audit plan to be put in place, it is necessary for an auditor to come up with a risk profile of the client comprising an understanding of the business operating by the audit client, assess business risk and also perform its preliminary analytical review.

When performing risk assessment procedures and related activities to obtain an understanding of the client and its environment, the auditor shall obtain an understanding of the following:

17) The risk that the auditor will NOT detect a material misstatement that exists in an assertion is

The analysis of risk assessment controls are an important aspect of a system, as they are used as a basis for identifying and selecting appropriate and cost-effective measures.

Discuss the audit risk model, and ascertain which sampling or non-sampling techniques you would use in order to establish your preliminary judgment about materiality. Justify your response.

| Implication: Increased risk of misstatement of bad debt expense and allowance for bad debts. Response: Assign more experienced auditors to this area. Increase evidence.

“Keystone Computers & Networks, Inc. (KCN) is a company that sells and installs computer workstations and networking software to business customers. The CPA firm of Adams, Barnes & Co. has audited the financial statements of KCN for the past three years. The case illustrates selective audit planning working papers that were prepared by the staff of Adams, Barnes & Co. for this year’s audit.” I will be listing the order in which I would perform this audit and I will decide if I should select the client and focus on the key audit objectives while applying the audit risk model.

However, companies generally adopt a methodology for overall risk assessment. Sometimes these methodologies involve the assignation of risk oversight to leaders in each area. The approach is based upon the assumption that each area knows itself best. However, this often overlooks potential issues in favor of confronting them after they develop. As the need for

Auditors should plan the audit so that the engagement is conducted in an effective manner.

ABSTRACT: Information Technology General Controls (ITGCs), a fundamental category of internal controls, provide an overall foundation for reliance on any information produced by a system. Since the relation between ITGCs and the information produced by an organization’s various application programs is indirect, understanding how ITGCs interact and affect an auditor’s risk assessment is often challenging for students. This case helps students assess overall ITGC risk within an organization’s information systems. Students identify