Edp Auditing
Control risk
The auditor obtains an understanding of the design and implementation of internal
Control to make a preliminary assessment of control risk as part of the auditor’s overall
Assessment of the risk of material misstatements. The auditor uses this preliminary assessment of control risk to plan the audit for each material class of transactions. However, in some instances the auditor may learn that the control deficiencies are significant such that the client’s financial statements may not be auditable. So, before making a preliminary assessment of control risk for each material class of transactions, the auditor must first decide whether the entity is auditable. Two primary factors determine auditability: the integrity of management and the ade - quacy of accounting records. If management lacks integrity, most auditors will not accept the engagement.
The accounting records are an important source of audit evidence for most audit objectives. If the accounting records are deficient, necessary audit evidence may not be available. For example, if the client has not kept duplicate sales invoices and vendors’ invoices, it is usually impractical to do an audit.
In complex IT environments, much of the transaction information is available only in electronic form without generating a visible audit trail of documents and records. In that case, the company is usually still auditable; however, auditors must assess whether they have the necessary skills to gather evidence that is in electronic form and can assign personnel with adequate IT training and experience.
After obtaining an understanding of internal control, the auditor makes a preliminary assessment of control risk as part of the auditor’s overall assessment of the risk of material misstatement. This assessment is a measure of the auditor’s expectation that internal controls will prevent material misstatements from occurring or detect and correct them if they have occurred.
The starting point for most
The auditor obtains an understanding of the design and implementation of internal
Control to make a preliminary assessment of control risk as part of the auditor’s overall
Assessment of the risk of material misstatements. The auditor uses this preliminary assessment of control risk to plan the audit for each material class of transactions. However, in some instances the auditor may learn that the control deficiencies are significant such that the client’s financial statements may not be auditable. So, before making a preliminary assessment of control risk for each material class of transactions, the auditor must first decide whether the entity is auditable. Two primary factors determine auditability: the integrity of management and the ade - quacy of accounting records. If management lacks integrity, most auditors will not accept the engagement.
The accounting records are an important source of audit evidence for most audit objectives. If the accounting records are deficient, necessary audit evidence may not be available. For example, if the client has not kept duplicate sales invoices and vendors’ invoices, it is usually impractical to do an audit.
In complex IT environments, much of the transaction information is available only in electronic form without generating a visible audit trail of documents and records. In that case, the company is usually still auditable; however, auditors must assess whether they have the necessary skills to gather evidence that is in electronic form and can assign personnel with adequate IT training and experience.
After obtaining an understanding of internal control, the auditor makes a preliminary assessment of control risk as part of the auditor’s overall assessment of the risk of material misstatement. This assessment is a measure of the auditor’s expectation that internal controls will prevent material misstatements from occurring or detect and correct them if they have occurred.
The starting point for most