AUD 3 Internal Control 10 - 1 Flashcards
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
An auditor performs the following procedures to obtain and apply an understanding of internal control to an audit:
Step 1 – Obtain an understanding of the design of all 5 components of the entity’s internal control (CRIME) through the performance of risk assessment procedures.
Step 2 – Document the understanding of Internal Control.
Step 3 – Assess Risk of Material Misstatement (RMM) which consists of inherent risk (IR) and control risk (CR).
RMM = IR × CR
Step 4 – Develop an audit strategy to either:
o (RELY?)
Perform tests of control (TofC) to determine if CR is below maximum, reducing RMM below the level of IR and allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests): or
o (NOT Rely)
Decide NOT to perform tests of controls, assessing CR at the maximum level as if the control did not exist, and measuring RMM as being equal to IR.
Step 5 – Reassess Risk of Material Misstatement and evaluate results.
o For controls for which tests of controls were performed, evaluate results to reassess RMM and determine if it is appropriate to modify the nature, timing, and extent of further audit procedures.
Step 6 – Document conclusions and determine the effect on the planned substantive procedures. At this point, the audit program needs to be developed or revised for further audit procedures.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
An auditor performs the following procedures to obtain and apply an understanding of internal control to an audit:
Step 1 – Obtain an understanding of the design of all 5 components of the entity’s internal control (CRIME) through the performance of risk assessment procedures.
Step 2 – Document the understanding of Internal Control.
Step 3 – Assess Risk of Material Misstatement (RMM) which consists of inherent risk (IR) and control risk (CR).
RMM = IR × CR
Step 4 – Develop an audit strategy to either:
o (RELY?)
Perform tests of control (TofC) to determine if CR is below maximum, reducing RMM below the level of IR and allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests): or
o (NOT Rely)
Decide NOT to perform tests of controls, assessing CR at the maximum level as if the control did not exist, and measuring RMM as being equal to IR.
Step 5 – Reassess Risk of Material Misstatement and evaluate results.
o For controls for which tests of controls were performed, evaluate results to reassess RMM and determine if it is appropriate to modify the nature, timing, and extent of further audit procedures.
Step 6 – Document conclusions and determine the effect on the planned substantive procedures. At this point, the audit program needs to be developed or revised for further audit procedures.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
(what is the form?)
Have the controls been IMPLEMENTED (put into use?).
To evaluate the implementation of a control means to determine whether a control is actually being used by the entity.
The auditor first considers the design of the control. If the control is improperly designed, it may represent a material weakness in the entity’s internal control.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
(what is the form?)
Have the controls been IMPLEMENTED (put into use?).
To evaluate the implementation of a control means to determine whether a control is actually being used by the entity.
The auditor first considers the design of the control. If the control is improperly designed, it may represent a material weakness in the entity’s internal control.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
An auditor obtains an understanding of the entity and its environment, including its internal control (CRIME) through the performance of risk assessment procedures.
These are procedures designed to provide the auditor with an adequate understanding to enable the auditor to effectively assess the risk of material misstatement of the financial statements.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
An auditor obtains an understanding of the entity and its environment, including its internal control (CRIME) through the performance of risk assessment procedures.
These are procedures designed to provide the auditor with an adequate understanding to enable the auditor to effectively assess the risk of material misstatement of the financial statements.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Risk assessment procedures include:
- Analytical procedures (Using high level data)
- Inquiries of management and others within the entity, including inquiries of internal auditors.
- Inspection (of documents and records)
- Observation (the application of specific controls)
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Risk assessment procedures include:
- Analytical procedures (Using high level data)
- Inquiries of management and others within the entity, including inquiries of internal auditors.
- Inspection (of documents and records)
- Observation (the application of specific controls)
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the inf_________ that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an au____ obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal con____s will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will in______y be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the re____ of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of in_____ies made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s m_________ and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and o____s who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor be_____s can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide re______ information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can pro____ relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing au____, much information will be derived from reviewing prior period engagement files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing auditor, much information will be derived from reviewing prior period engagement files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing auditor, much inf________ will be derived from reviewing prior period engagement files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing auditor, much information will be derived from reviewing prior period engagement files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing auditor, much information will be de___ed from reviewing prior period engagement files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing auditor, much information will be derived from reviewing prior period engagement files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing auditor, much information will be derived from re____ing prior period engagement files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing auditor, much information will be derived from reviewing prior period engagement files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing auditor, much information will be derived from reviewing pr___ period engagement files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing auditor, much information will be derived from reviewing prior period engagement files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a con____ing auditor, much information will be derived from reviewing prior period engagement files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing auditor, much information will be derived from reviewing prior period engagement files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing auditor, much information will be derived from reviewing prior period eng_______ files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing auditor, much information will be derived from reviewing prior period engagement files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing auditor, much information will be derived from reviewing prior period engagement f___s.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
Most of the information that an auditor obtains about an entity’s internal controls will initially be the result of inquiries made of the entity’s management and others who the auditor believes can provide relevant information.
If the auditor is a continuing auditor, much information will be derived from reviewing prior period engagement files.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
When ob____ing an understanding of controls that are relevant to the audit,
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 1 –
- Understand the Design of CRIME by performing Risk Assessment Procedures
When obtaining an understanding of controls that are relevant to the audit,