RISK RISK CONCLUSION & AUDITOR'S

ASSESSMENT RESPONSE REPORTING REPORT

(7) Responding to (12) Completing the audit &

(1) Performing preliminary engagement assessed risks considering post audit responsibilities
activities (8) Determining the (13) Forming the auditor's opinion &
(2) Planning the audit extend of testing report content
(3) Determining materiality (9) Considering fraud, (14) Performing and reporting on
(4)Understanding the Entity & error and NOCLAR specialized audit engagement
Environment (10) Considering work of
(5) Understanding Internal Control other practitioner
(6) Identifying & assessing Risk of (11) Considering certain
Material Misstatement (ROMM) F/S items

Nature of Internal Control

PSA 315
*Internal control is a process
*Internal control is effected by those charged with governance, management and other personnel
*Internal control be expected to provide assurance of achieving the entity's objectives
Only reasonable assurance because of limitations:
i. cost of internal control exceeds the benefits
ii. Most internal controls tend to be directed at routine transactions rather than non-routine transactions
iii. The potential for human error due to carelessness, distraction, mistakes of judgment and the misunderstanding of instructions;
iv. The possibility of circumvention of internal controls through the collusion among employees
v. possibility of management overriding the internal control
vi. Possibility that the procedures may become inadequate due to changes in conditions, and compliance with procedures may deteriorate
*Internal control is designed to help achieve the entity's objectives.
Operational Objective- effectiveness and efficiency of operations
Compliance Objective- compliance with relevant laws and regulations
Financial Reporting Objective- reliability of financial reporting

In audit of FS, auditor is only concern of those that are relevant to the FS assertions.

Components of internal control

C Control Activities
R Risk Assessment
I Information and communciation systems
M Monitoring
E Control Environment

Consideration of Internal Control

Obtaining understanding of the internal control

about:
evaluating the design of a control (inquiries, inspecting documents and records, observing entity's activities and operations)
determining whether it has been implemented (walkthrough test)

Documenting the auditor's understanding of internal control

-need not be in any particular form.
-may vary depending on the size and complexity of the entity's internal control
Commonly used forms:
Narrative description of the entity's internal control
Flowchart that diagrams the flow of transactions and documents
Internal control questionnaire with responses from management
Assessmnent of Control Risk
Performing test of controls (only do this if you want to rely on the control) TOC
i. Inquiry of entity personnel
ii. Observation of Internal Control application
iii. Inspection of document
iv. Walkthrough/ Reperformance

CR high CR low
Nature use more persuasive test use less persuasive test
Extend test more test less
Timing test at balance sheet date test at interim dates

Implementation vs Effectiveness

determine if relevant controls exists obtain audit evidence that control operates effectively
entity is actually using the control in the knowing how controls were applied at relevant times during the period
design consistency with which they were applied

Documenting the assessed level of control risk *implementation

after evaluating the results of test of controls, document his assessment of control risk

CR at High level CR at less than High level

1. Understanding of internal control Required Required
2. Conclusion Required Required
3. Basis for the Conclusion Not Required Required

Communication of significant deficiencies in Internal Control

auditor may become aware of significant deficiencies
communicate in writing before or after the auditor's report on FS
may communicate these orrally in first instance to management or TCWG - but still put it in writing
*effectiveness