The audit team follows a three-phase approach to assessing control risk, which directly impacts the risk of material misstatement (RMM) and the nature, timing, and extent of further audit procedures.
Auditors gain an understanding of the client's control environment, risk assessment process, control activities, information systems, and monitoring procedures.
This is documented through flowcharts, questionnaires, and narratives.
The goal is to identify relevant assertions related to financial statement accounts and disclosures.
Control risk is the likelihood that internal controls will fail to prevent or detect material misstatements.
If control risk is high, auditors assume controls are ineffective and must increase substantive testing.
If control risk is low, auditors may rely on controls and reduce substantive testing.
If auditors plan to rely on controls, they must test their design and operating effectiveness.
Tests include inquiries, observation, inspection of documents, and re-performance of control activities.
If controls fail testing, auditors revise their risk assessment and increase substantive procedures.
The assessment of control risk affects:
Nature of Audit Procedures:
  Higher control risk → More detailed substantive testing (e.g., test of details).
  Lower control risk → Reliance on analytical procedures.
Timing of Audit Procedures:
  Higher control risk → Testing at year-end for more reliable evidence.
  Lower control risk → Testing at interim dates to improve efficiency.
Extent of Audit Procedures:
  Higher control risk → Larger sample sizes for more assurance.
  Lower control risk → Smaller sample sizes due to reliance on controls.