Lesson 16: Assessing Control Risk

Executive Finance

7 May 201203:45

Summary

TLDRThis lesson focuses on the importance of auditing internal controls, detailing why auditors assess them and the methods used. It covers understanding control environments, documenting processes through descriptions, flowcharts, and questionnaires, and the significance of walk-throughs. The script also discusses assessing control risk, identifying key controls, and the efficiency of computer controls versus manual controls, setting the stage for the next lesson on control testing.

Takeaways

🎓 In auditing, understanding internal controls is mandatory, even if the auditor does not plan to rely on them.
🔍 Auditing standards and the audit risk model guide the process of assessing internal controls.
💼 The auditor's objective is to evaluate the control environment, computer controls, and specific control activities.
🗂️ Documentation of controls can be done through narrative descriptions, flowcharts, or questionnaires.
📈 Flowcharts and questionnaires are often the preferred methods for documenting controls.
🔄 Information about controls is often carried forward from year to year, with updates as necessary.
🚶‍♂️ Walk-throughs are performed to confirm that systems function as documented.
📉 The assessment of control risk directly impacts the planned detection risk and the amount of audit work required.
🔑 Key controls are identified to address audit objectives within each transaction cycle.
🤖 Computer controls are generally more effective to test than manual controls due to reduced human error.
🛠️ Once computer controls are proven to operate as intended, they generally do not require retesting unless there are changes to the system.

Q & A

What was the main focus of the previous lesson?
-The previous lesson focused on explaining what internal controls are, their characteristics, and their objectives.
Why do auditors audit internal controls?
-Auditors audit internal controls to gain an understanding of them, which is necessary to assess audit risk and identify potential errors or fraud.
What does the audit risk model have to do with understanding internal controls?
-Understanding internal controls is necessary to assess audit risk, as it helps to identify the types of potential errors or fraud.
How do auditors gather information about internal controls?
-Auditors gather information about internal controls by discussing them with the client and examining internal documents such as policy manuals.
What are the three methods of documenting understanding of internal controls mentioned in the script?
-The three methods are: 1) A narrative description of the process and controls in place, 2) A flowchart representation of the process flow, and 3) Using an internal control questionnaire.
What is a 'walk-through' in the context of auditing?
-A 'walk-through' is the process of tracing one or a few transactions through the accounting system to confirm the auditor's understanding of how the systems function.
How does the assessment of control risk impact the audit process?
-The assessment of control risk directly impacts the planned detection risk and the extent of audit work required.
What are audit objectives in relation to transaction cycles?
-Audit objectives are essentially management assertions that are specified for each transaction cycle.
Why might auditors choose one control over another to test, even if both address the same objective?
-Auditors might choose one control over another because they believe it is either most effective or more efficient to test.
What is the difference between testing computer controls and manual controls?
-Computer controls can be more effective to test due to less risk of human error, assuming strong general computer controls are in place. Manual controls need to consider operating effectiveness throughout the entire period, which is subject to human frailty.
What happens when a manual control is dependent on an employee who leaves, gets sick, or goes on vacation?
-When an employee performing a manual control leaves, gets sick, or goes on vacation, it can lessen the effectiveness of the manual control due to the dependency on human action.
What is the next step after documenting controls and assessing control risk?
-The next step is to test the controls, which will be the topic of the next lesson.