CHAPTER 10

ASSESSING AND EVALUATING CONTROL RISKS

The third standard of fieldwork states: “The auditor must obtain sufficient appropriate audit evidence by performing audit procedures to afford a reasonable basis for an opinion regarding the financial statements under audit.”

Consistent with the audit model introduced earlier, during the internal control phase, the auditor must determine whether controls appear to be in place to provide reasonable assurance that the financial data to be reported on is fairly stated.1 Depending on the results of this evaluation, the auditor decides the extent to which controls are to be tested to provide the “sufficient appropriate audit evidence.”

This chapter expands on the internal control evaluation process introduced earlier and provides a controls risk assessment model that has proved useful in the execution of audits. This chapter concludes the discussion of the control phase of an audit that began in Chapter 9. An important output of this phase of the audit is expanding on the audit planning and programs developed earlier and deciding on an audit approach supported by detailed audit programs. The detailed audit programs guide the execution of both tests of internal control and the substantive testing of accounts balances.

ASSESS CONTROL RISKS

The auditor must formally assess control risks, that is, the risks that a material misstatement could occur in a financial statement assertion and not be prevented or detected on a timely basis by the ...