10 Questions
What type of evidence does the auditor commonly use to understand the design and implementation of controls by observing employees performing control processes?
Observation
Which document type provides a written description of a client's internal controls?
Narrative
What is the purpose of an Internal Control Questionnaire according to the text?
To ask questions about controls to identify deficiencies
Which type of evidence involves tracing one or a few transactions through the accounting system from start to finish?
Reperformance
What is the purpose of using flowcharts in understanding internal controls?
To provide an overview of the client's system flow
In addition to understanding control design, what else must the auditor evaluate?
Implementation of designed controls
Which type of evidence involves asking questions directly to entity personnel?
Inquiry
'Reperformance' by tracing transactions through the accounting system is primarily used to:
Test the effectiveness of controls in place
'Internal Control Questionnaire' is mainly used for:
Identifying internal control deficiencies
In practice, what do auditors often do simultaneously regarding controls?
Understand the design and test the effectiveness
Study Notes
Internal Control and Audit
- The auditor's assessed control risk remains the same as the preliminary assessment if the tests of controls support the design and operation of controls as expected.
- If the tests of controls indicate that the controls did not operate effectively, the assessed control risk must be reconsidered.
Types of Procedures to Support Operating Effectiveness
- The auditor uses four types of procedures to support the operating effectiveness of internal controls:
- Make inquiries of appropriate client personnel
- Examine documents, records, and reports
- Observe control-related activities
- Repreform client procedures
Extent of Tests of Controls
- The extent of tests of controls depends on the preliminary assessed control risk.
- If the auditor wants a lower assessed control risk, more extensive tests of controls are applied.
Detection Risk and Substantive Tests
- The auditor uses the control risk assessment and results of tests of controls to determine planned detection risk and related substantive tests for the audit of financial statements.
Evaluating Internal Control Deficiencies
- The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors.
Evaluating the Effectiveness of a Control
- Evaluating the effectiveness of a control involves obtaining evidence about whether it is operating as designed.
- The evaluation follows a structured, logical, and organized series of steps and procedures.
Phases of Evaluation
- Phase 1: Obtain and document understanding of internal control design and operation
- Phase 2: Assess control risk
- Phase 3: Design, perform, and evaluate tests of controls
- Phase 4: Decide planned detection risk and substantive tests
Understanding Internal Control Design
- The auditor uses procedures to obtain an understanding of the design of internal controls and whether they have been implemented.
- The auditor uses four types of evidence in obtaining an understanding of the design and implementation of controls:
- Inspection
- Inquiry of entity personnel
- Observation of employees performing control processes
- Repreformance by tracing one or a few transactions through the accounting system from start to finish
Documents Used to Obtain Understanding
- The auditor commonly uses three types of documents to obtain and document their understanding of the design of internal control:
- Narrative: a written description of a client's internal controls
- Flowchart: a diagram of a client's documents and their sequential flow in the organization
- Internal Control Questionnaire: asks a series of questions about the controls in each audit area as a means of identifying internal control deficiencies
Learn about how an auditor assesses control risk based on the results of tests of controls. Understand the procedures used by auditors to evaluate the operating effectiveness of internal controls.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free