Question

Auditors are required to obtain a sufficient understanding of an entity's internal control. This understanding is required by the performance principle of GAAS.

Required:

What are some of the goals (purposes) for conducting an evaluation of an entity's internal control?

Answer 1

The purposes of the audit team evaluation of INTERNAL CONTROLS are to assess the CONTROL RISK as part of the overall assessment of RMM in order to make the substantative audit plan and report control defecencies to management and the board of directors. The PCAOB AS 5 defines the additional responsibilities for management and public accounting firms reports on internal control stipulated by sarbanes oxley act

*** INTERNAL CONTROLS consist of 5 components

1. Control environment
2. Risk assessment
3. Information and communication systems
4. Control activities
5. monitoring of the control system

** The auditor is required to gain an understanding of each component and to document this understanding in the audit files. The CE and MRA are explained in in conjunction with control activities designed to prevent, detect, and correct misstatements that occur in transactions.

*** Documentation of INTERNAL CONTROLS systems is accomplished through the use of questionnaires, flowcharts and narratives

*** INTERNAL CONTROLS is asseessed in a top down manner by which auditors first identify accounts that may contain significant risk. They then identify which relevant assertion may be misstated. After determining what can go wrong audit teams examine Entity level controls that might mitigate the RMM. Finally they identify transaction level controls, it must test the controls to ensure they are operating effectively. Where controls are not in place to reduce the risk, or if testing the controls would not be cost effective, substantative test are designed to identify any material mistatements.

--It is important to distinguish the clients control activities from the audit teams test of control. Control activities are part of the INTERNAL CONTROLS designed and operated by the entity. The audit teams procedures are the audit teams own evidence gathering work performed to obtain evidence about the clients control activities.


** Sarbanes oxley requires that management of public companies report on their assessments of the effectiveness of their financial reporting controls, and that audit teams provide opinions on the controls over financial reporting. This may involve more extensive procedures than those required by GAAP