Chapter 10
Assessing Control Risk / Tests of Controls
|Learning Check |
10-1. a. Assessing control risk is the process of evaluating the effectiveness of an entity's internal controls in preventing or detecting material misstatements in the financial statements.
b. Control risk should be assessed in terms of individual financial statement assertions.
10-2. In assessing control risk for an assertion, the auditor should perform the following five steps: 1. Consider knowledge acquired from procedures to obtain an understanding about whether controls pertaining to the assertion have been designed and placed in operation by the entity's management. 2. Identify the potential
…show more content…
However, the auditor must perform direct tests of application controls in order to assess control risk below a high level.
10-8. a. The advantages of using computer assisted audit technique in performing tests of controls include: • A significant part of the entity’s system of internal controls is imbedded in computer programs. • There are significant gaps in the visible audit trail. • There are large volumes of records to be tested.
b. The major disadvantages of using computer-assisted audit techniques are the special knowledge and skills required, and the possible disruption of the client’s IT operations while the auditor uses IT equipment, programs and files. The auditor must also test the effectiveness of manual follow-up procedures in order to determine how effectively the computer controls are at preventing or detecting and correcting misstatements in assertions.
10-9. The advantages of parallel simulation include the following: • Because real data are used, the auditor can verify the transactions by tracing them to source documents and approvals. • The size of the sample can be greatly expanded at relatively little additional cost. • The auditor can independently run the test.
The disadvantages
Team allocation for performing audit procedures to verify that controls are operating effectively through testing techniques and sampling methodologies.
Stage 2: Test of internal controls - By testing the effectiveness of the internal controls the auditor can determine the control risk that lies within the company. The audit team can perform tests of controls by making inquiries of appropriate client personnel, examining documents, records, and reports maintained by Smackey, observing control-related activities such as the one done for the inventory procedures for returned Best Boy Gourmet dog food, and re-perform the client procedures.
Moreover, the auditor should preform test for effectiveness of internal controls. He may interview management by asking questions on the process of the transactions and operational activities. He may discuss with management the process of some transactions from beginning to end and then test it by using sample testing. Also he/she should make sure that there is proper control of activities; policies and procedures for adequate segregation of duties are met.
Performing internal tests of controls is intended to assess the operating effectiveness of those internal controls. Here the staff would select an area of control to test, perhaps inventory management and return policy. They would then look at the procedures that help prevent fraud or error, talk to management, and observe activities. They would notice there is very little control in place for this area. There is no management oversight or dock security measures, no direct recording of sales receipts, shipping labels, or matching to accounts receivable. This would be noted as an area of additional concern. The next stage is to perform substantive testing procedures, where the purpose is to collect audit evidence that the management assertions made in the financial statements are reliable and in accordance with GAAP. Since my staff is good, they would have noticed the company’s sales projections are weak in control and are overstated by around 11%. They would perform a substantive test of detail in this area by selecting a sample of items from the account balances and finding bank statements, invoices, and test of details of balances. They would likely see specifically where the over-projections are being made. Lastly, in finalization, they would compile a report to management detailing any important matters, evaluating the audit evidence, and considering the type of audit opinion that should be reported. Specifically here, they would
reliable evidence, the confirmation process is subject to the risk of interception and alteration of
When performing risk assessment procedures and related activities to obtain an understanding of the client and its environment, the auditor shall obtain an understanding of the following:
Auditors should always evaluate the design and test the operating effectiveness of a company’s internal control. The key procedures of the evaluation of design are fulfilled by inquires, observations, and inspections. The same procedures can be used to test the operating effectiveness as well.
c. Identify inherent risks for the audit of Pinnacle using the information from Parts I and II. For each inherent risk, identify the account or accounts that may be affected.
Audit Risk Assessment can be done by this Audit Risk Model. This model consists of 3 types of risks i.e., inherent risk, control risk and detection risk. Eventually, audit risk is a product of these 3 types of risks (Griffiths, 2012).
e. “The auditor considers the level of assurance, if any, he wants from substantive testing for a particular audit objective and decides, among other things, which procedure, or combination of procedures, can provide that level of assurance. For some assertions, analytical
3.4 Summarise the types of risks that may be involved in assessment in own area of responsibility
The analysis of risk assessment controls are an important aspect of a system, as they are used as a basis for identifying and selecting appropriate and cost-effective measures.
Control risk associated with the audit also appears to be moderate based on the findings from interim audit procedures conducted in July and August 2007. The controls in place were found to be effective.
ABSTRACT: Information Technology General Controls (ITGCs), a fundamental category of internal controls, provide an overall foundation for reliance on any information produced by a system. Since the relation between ITGCs and the information produced by an organization’s various application programs is indirect, understanding how ITGCs interact and affect an auditor’s risk assessment is often challenging for students. This case helps students assess overall ITGC risk within an organization’s information systems. Students identify
Auditors have the responsibilities as well as management to report internal controls. The auditors must examine closely management’s claim of effectiveness and also physically test the controls. After the examination, the auditors should express their opinion and any recommendations to fix any internal control weaknesses.