The auditor obtains an understanding of the design and implementation of internal Control to make a preliminary assessment of control risk as part of the auditor’s overall Assessment of the risk of material misstatements. The auditor uses this preliminary assessment of control risk to plan the audit for each material class of transactions. However, in some instances the auditor may learn that the control deficiencies are significant such that the client’s financial statements may not be auditable. So, before making a preliminary assessment of control risk for each material class of transactions, the auditor must first decide whether the entity is auditable. Two primary factors determine auditability: the integrity of management and the ade - quacy of accounting records. If management lacks integrity, most auditors will not accept the engagement. The accounting records are an important source of audit evidence for most audit objectives. If the accounting records are deficient, necessary audit evidence may not be available. For example, if the client has not kept duplicate sales invoices and vendors’ invoices, it is usually impractical to do an audit. In complex IT environments, much of the transaction information is available only in electronic form without generating a visible audit trail of documents and records. In that case, the company is usually still auditable; however, auditors must assess whether they have the necessary skills to gather evidence that is in electronic form and can assign personnel with adequate IT training and experience. After obtaining an understanding of internal control, the auditor makes a preliminary assessment of control risk as part of the auditor’s overall assessment of the risk of material misstatement. This assessment is a measure of the auditor’s expectation that internal controls will prevent material misstatements from occurring or detect and correct them if they have occurred. The starting point for most auditors is the assessment of entity-level controls. By nature, entity-level controls, such as many of the elements contained in the control environment, risk assessment, and monitoring components, have an overarching impact on most major types of transactions in each transaction cycle. For example, an ineffective board of directors or management’s failure to have any process to identify, assess, or manage key risks, has the potential to undermine controls for most of the transaction-related audit objectives. Thus, auditors generally assess entity-level controls before assessing transaction specific controls. Once auditors determine that entity-level controls are designed and placed in operation, they next make a preliminary assessment for each transaction-related audit objective for each major type of transaction in each transaction cycle. For example, in the sales and collection cycle, the types of transactions usually involve sales, sales returns and allowances, cash receipts, and the provision for and write-off of uncollectible accounts. The auditor also makes the preliminary assessment for controls affecting audit objectives for balance sheet accounts and presentations Many auditors use a control risk matrix to assist in the control risk assessment process at the transaction level. The purpose is to provide a convenient way to organize assessing control risk for each audit objective. the control risk matrix for transaction-related audit objectives, auditors use a similar control risk matrix format to assess control risk for balance-related and presentation and disclosure-related audit objectives. Identify Audit Objectives
The first step in the assessment is to identify the audit objectives for classes of transactions, account balances, and presentation and dis closure to which the assessment applies. For example, this is done for classes of transactions by applying the specific transaction-related audit objectives introduced earlier, which were stated in general...
Please join StudyMode to read the full document