AUDITING

NYAK SHAFIKA RAY

2101103010152

Assessing Control Risk and Reporting on Internal Controls

The internal control questionnaire serves as a crucial tool in the audit process, presenting a
series of inquiries about controls within each audit area to uncover potential deficiencies in
internal control systems. This assessment is integral to the auditor's evaluation of the
likelihood that internal controls can effectively prevent internal misstatements or detect and
correct them if they occur. To initiate this evaluation, the auditor conducts an initial
assessment of materiality for each transaction-related audit purpose within each major
transaction type of the transaction cycle.

Identifying Audit Objectives:

The first step in this assessment process involves identifying the specific audit objectives for
the transaction group, relevant accounts, and the presentation and disclosures applied in the
evaluation. This step lays the foundation for understanding the goals and requirements
associated with each audit area.

Identifying and Evaluating Control Deficiencies:

The auditor strives to identify and assess control deficiencies by employing a systematic
approach. A material weakness emerges when a significant deficiency, either independently
or in conjunction with another significant deficiency, presents more than a small possibility
that internal controls cannot prevent or detect material misstatements in the financial
statements. This identification process encompasses three levels—deficiencies, significant
deficiencies, and material weaknesses.

A five-step approach is employed to pinpoint significant deficiencies. Substitute controls,

which exist in a system to cover key control weaknesses, are considered in this evaluation.
The auditor evaluates the likelihood of misstatements and their materiality to determine the
existence of significant deficiencies or material weaknesses. This step is crucial for
identifying specific misstatements likely to result from significant deficiencies or material
weaknesses.

Control Testing Scope:

The extent of control testing is contingent upon the initial assessment of control risk. To
lower the risk assessment of controls, a comprehensive examination of controls is conducted,
along with a detailed assessment of each control's effectiveness. Controls associated with
significant risks, which are risks requiring special audit consideration, are subjected to
testing. If the auditor plans to rely on these controls to support an initial assessment of control
risks below 100%, testing becomes imperative.

It is important to note the distinction between the timing of management's report on internal
control, which pertains to the effectiveness of internal control at the fiscal year-end, and
control testing, which is applied when the assessed control risk is not met by the procedures
undertaken to gain an understanding. This necessitates strategic planning to ensure a seamless
and effective audit process.

Completion Activities and Communication:

Upon the completion of these activities, the audit of internal control over financial reporting
is considered adequate. However, it is crucial to emphasize that the reporting on internal
control cannot be finalized until the auditor completes the audit of the financial statements.
Communication is a key aspect of the process and significant deficiencies, and material
weaknesses are communicated in writing to those charged with governance, typically the
audit committee and management.

In addition to addressing significant issues, auditors often identify less significant matters
related to internal control and provide opportunities for clients to enhance operational
efficiency and effectiveness. This comprehensive communication ensures that stakeholders
are informed not only about critical deficiencies but also about potential areas for
improvement.
Auditor's Report on Internal Control:

The auditor's report on internal control comprises two essential opinions that are fundamental
to providing a comprehensive evaluation. The first opinion revolves around the
reasonableness of management's assessment of the effectiveness of internal control over
financial reporting as of the fiscal year-end. The second opinion delves into whether the
company has, in all material respects, maintained effective internal control over financial
reporting.

To reach these opinions, the audit process involves a multifaceted approach, including
inquiries, document examination, observation of control-related activities, and the
reperformance of audit procedures. The results of this assessment are consolidated into a
written description of the client's internal controls, which can take the form of a narrative,
flowchart, or internal control questionnaire. This report delineates the origin, processing, and
disposition of every document in the system, highlighting the controls relevant to the
assessment of control risk. Additionally, the report identifies any internal control deficiencies
and offers recommendations to mitigate associated risks, ensuring a comprehensive and
informative audit report.