3.2 Auditor's Consideration of Internal Controls

Let's talk audit and assurance!
15 Jul 2024, 26:31

Summary

TL;DR: This video discusses the role of external auditors in evaluating internal controls during an audit. It covers the process of understanding, assessing, and documenting internal controls, with a focus on control risk. The auditor must decide whether to rely on controls or perform substantive testing based on the effectiveness of the controls. The script also addresses the identification and reporting of internal control deficiencies, emphasizing professional judgment and communication with management and governance. Finally, it highlights the importance of considering control deficiencies in the context of financial reporting, not internal controls audits.

Takeaways

  • External auditors consider internal controls as part of the audit process, but they do not give an opinion on the internal controls themselves.
  • The auditor's audit risk model involves setting desired audit risk, assessing inherent risk, control risk, and determining acceptable detection risk for effective testing.
  • To assess control risk, auditors must first understand and document internal controls, including evaluating design and implementation, and then assess whether they can rely on the controls.
  • If controls are not reliable (e.g., poorly designed or not implemented), control risk is set to maximum, leading to extensive substantive testing.
  • If controls are reliable, auditors assess whether testing the controls is cost-effective, and based on that, they either perform tests of controls or proceed with substantive testing.
  • The auditor performs risk assessment procedures such as inquiry, inspection, and observation, and may use walkthrough tests to understand internal controls.
  • The documentation of internal controls can take various forms, including checklists, flowcharts, or narrative descriptions, depending on the complexity of the controls.
  • Internal control deficiencies arise when controls are poorly designed or entirely missing, and auditors use professional judgment to decide which deficiencies to report.
  • Significant deficiencies or material weaknesses must be reported to those charged with governance in writing, along with descriptions and potential effects of the deficiencies.
  • While auditors must report significant deficiencies in writing, they can communicate orally if time is of the essence, but the written report must be comprehensive and clear in context.
  • Auditors assess the relationship between the risk of material misstatement and detection risk, with lower detection risk leading to more persuasive audit procedures and higher detection risk allowing for less extensive testing.

Q & A

  • What is the primary focus of this lecture series?

    -The primary focus of this lecture series is on the auditor's consideration of internal controls, specifically from the external auditor's perspective, assessing control risk and understanding how internal controls influence the audit process.

  • How does an auditor assess control risk during an audit?

    -An auditor assesses control risk by first obtaining an understanding of the entity’s internal control system, evaluating its design and implementation, and then deciding whether to rely on these controls. If the auditor intends to rely on them, they assess the cost-effectiveness of testing the controls. Based on this assessment, control risk is either set at a maximum or below maximum, which then impacts the level of substantive testing required.

  • What are the main stages of evaluating internal controls as described in the lecture?

    -The main stages include: 1) Obtaining an understanding of internal controls, 2) Assessing the preliminary level of control risk, 3) Obtaining evidence to support the assessment, 4) Evaluating the results of this evidence to finalize the control risk assessment, and 5) Determining the acceptable level of detection risk based on the control risk assessment.

  • What is the difference between inquiry, inspection, and observation in the context of assessing internal controls?

    -Inquiry involves asking questions to understand how internal controls are designed and implemented. Inspection refers to reviewing documentation or physical evidence to verify the presence and effectiveness of controls. Observation involves watching processes or activities to assess whether the controls are functioning in practice.

  • What does the term 'test of controls' mean, and when is it necessary?

    -A 'test of controls' refers to audit procedures performed to evaluate the operating effectiveness of internal controls. It is necessary when the auditor decides to rely on the controls as part of their audit approach. These tests help the auditor gather evidence to determine if control risk can be assessed below maximum.

  • What happens if the auditor determines that the design of internal controls is not reliable?

    -If the auditor determines that the design of internal controls is unreliable or that it has not been implemented properly, they will assess control risk at the maximum and perform extensive substantive testing. No test of controls would be needed in this case.

  • What are the five components of internal controls that the auditor is required to understand?

    -The five components of internal controls the auditor must understand are: 1) The control environment, 2) Risk assessment, 3) Control activities, 4) Information and communication, and 5) Monitoring.

  • What is a significant deficiency in internal control?

    -A significant deficiency is a weakness or a combination of weaknesses in the internal control system that, in the auditor’s professional judgment, is of sufficient importance to warrant the attention of those charged with governance. These deficiencies need to be communicated to management and governance.

  • What is the auditor’s responsibility when they identify a deficiency in internal controls?

    -When an auditor identifies a deficiency in internal controls, they must communicate any significant deficiencies or material weaknesses to those charged with governance. The communication must be in writing and include a description of the deficiencies, their potential effects, and sufficient information for understanding the context of the communication.

  • How does the auditor decide whether to report deficiencies in internal controls?

    -The auditor uses professional judgment to determine whether a deficiency should be reported. The decision is based on whether the deficiency is considered significant or a material weakness. Only deficiencies that meet these criteria are communicated in writing to those charged with governance, though preliminary oral communication may occur if timely action is needed.

Related Tags
Audit Risk, Internal Controls, Control Risk, Financial Statements, Audit Planning, Substantive Testing, ISA 265, Deficiency Reporting, Audit Process, Risk Assessment, External Auditors