Evaluating Internal Controls Flashcards
If an auditor deems that the internal controls are “ineffective,” what is the next step?
Perform a wholly substantive audit approach
If the auditor perceives the internal controls to be effective, what does the auditor do?
Considers internal controls risk at less than the maximum level (which means reliance)
Need to consider “cost-benefit” issues
Reliance buys a reduction of substantive audit work to some degree, but consider “costs” additional effort to perform test of control
When determining that the control risk is less than the maximum level, the auditor should perform a test of controls. The purpose of performing test of controls is too?
Verify that the controls that looked good on paper were actually working as intended through the period (operating effectiveness)
When performing a test of controls, the auditor should do what?
Select a sample of transactions and verify that the control procedure of interest were, in fact, performed on the transactions in the sample which usually require that the control procedure be documented as it is performed.
After evaluating the audit risk, the auditors would prepare a written “audit plan” designed to achieve…?
The appropriate level of detection risk
Whose responsibility in internal controls?
Management
What are the inherent limitations for internal control?
Auditors have access internal control risk- but management determines the effectiveness of internal control
Management has to make a cost/benefit of internal control policies. The costs should not outweigh the benefits.
T/F: Wherever there is a human element involved, there is a big breakdown of internal controls?
True- Mistakes occur due to misunderstandings, misjudgments, or fatigue (human element)
Does there have to be adequate internal control to perform an audit?
Yes!
