Assessing Control Risk / Tests of Controls
|Learning Check |
10-1. a. Assessing control risk is the process of evaluating the effectiveness of an entity's internal controls in preventing or detecting material misstatements in the financial statements.
b. Control risk should be assessed in terms of individual financial statement assertions.
10-2. In assessing control risk for an assertion, the auditor should perform the following five steps: 1. Consider knowledge acquired from procedures to obtain an understanding about whether controls pertaining to the assertion have been designed and placed in operation by the entity's management. 2. Identify the potential misstatements that could occur in the entity's assertion. 3. Identify the necessary controls that would likely prevent or detect the misstatements. 4. Perform tests of controls on the necessary controls to determine the effectiveness of their design and operation. 5. Evaluate the evidence and make the assessment.
10-3. In identifying both potential misstatements and necessary controls, the auditor typically uses either (1) computer software that analyzes responses to specific questions input for computerized internal control questionnaires or (2) checklists developed for the same purpose.
10-4. a. Evidence obtained from procedures to obtain an understanding should be used by the auditor to (1) identify types of potential misstatements and (2) consider factors that affect the risk of material misstatements, such as whether controls necessary to prevent or detect the misstatements have been designed and placed in operation. This knowledge should enable the auditor to make an initial assessment of control risk for an assertion. During this process the auditor may obtain some evidence about the effectiveness of the design and operation of internal controls. However, such evidence rarely is sufficient to allow the