AUDIT

STRATEGY
Internal Control-Obtaining an Understanding

Juvilene Mae Alido

The auditor uses a variety of techniques to decide how
much relative reliance to place on controls and
substantive tests in gathering evidence.

Auditor identifies controls  makes decision as to how

these controls affect related substantive test.
 Definition (Taylor and Glezen)
AUDIT the relative emphasis the auditor
places on controls and substantive
STRATEGY tests in gathering evidence.
  In auditing the existence of inventory and the
occurrence of inventory transactions, it may be
necessary to rely heavily on inventory controls
because the volume of transactions make it
difficult to audit every transaction.
EXAMPLE  Conversely, the existence of long-term debt
may be audited efficiently by exclusive use of
substantive tests because the volume of
transaction is often small; controls need not to
be tested in this case.
  Primarily substantive approach – the auditor
gathers all or most of the evidence using substantive
tests, and little or no reliance placed on the controls.
Two
Alternative
 Lower control risk approach – the auditor places
Audit moderate or considerable reliance on controls and as a
Strategies result, performs relatively few substantive tests.
 Reasons for using the Primarily Substantive
Approach
Primarily
substantive There are few (if any) internal control policies or
procedures that are relevant.
approach The internal controls policies or procedures relating to
assertions for significant accounts and classes of
transactions are ineffective
Heavy reliance on substantive tests is more efficient
for a particular assertion.
Understanding Internal Control
The auditor devotes less effort to obtaining an understanding of internal control.
Nevertheless, some basic knowledge must be acquired to design substantive tests,
and the understanding of internal control must be documented in the workpapers.
Assessing Control Risk
When this approach is used for one or more assertions, the control risk will be
assessed at or near the maximum level.

Assessment must be documented regardless of its level:

• At maximum – document this fact
• Below maximum – the basis or reason for the assessment must be documented.
Designing Substantive Tests
After the auditor assesses control risk and decides on the planned level of
substantive tests for the assertion, these tests are designed. Decisions are made
on the:
 Nature – which tests
 Timing – when to perform them
 Extent- how much
 
Of the related substantive tests for each appropriate assertion on which the
auditor assessed control risk.
 Obtain an understanding of relevant
internal control policies and
procedures—document the
understanding

Assess control risk at the maximum Or Assess control risk at slightly less than
level if the evidence calls for this the maximum level if the evidence
assessment. calls for this assessment.

Consider the level of control risk

THE PRIMARILY
If the level of control risk supports the If the level of control risk does not
SUBSTANTIVE
planned level of substantive test, Or support the planned level of
substantive test, APPROACH
 

Revise the planned level of

substantive test,
Document the assessment of control
risk, and
Document the revised assessment of
control risk, and

Design the planned nature, timing and

extent of substantive tests.
Design the revised nature, timing and
extent of substantive tests.
 Reasons for using the Lower Control Risk
Approach
The primary reason is increased audit
efficiency. For certain assertions, the internal
The Lower control may consist of elaborate policies and
Control Risk procedures which makes this approach more
Approach cost-beneficial.
  One example of audit efficiency is a well-
designed and efficiently operated perpetual
inventory system that provides support for
existence assertion. The auditor plans to
conduct the necessary test of controls to assess
EXAMPLE control risk from this assertion at minimum.
 The auditor will consider the nature and
location of the assets and the related records
must be examined
 Obtain an understanding of relevant control policies and
procedures – document this understanding.

Flowchart of the Perform tests of controls necessary to support a lower planned

level of control risk.

Lower Control Assess control risk (usually at moderate or low level if the
preceding procedures support it)

Risk Approach
Is it likely that the additional evidence can be obtained to No
No
support a further reduction in the assessed level of control risk
and is it efficient to do so?

Yes

Perform additional test of controls – reassess the level of

control risk and decide whether that level of control risk
supports the planned level of substantive tests.

If the level of control risk supports the planned Or If the level of control risk does not support the
level of substantive tests, planned level of substantive tests

Revise the planned level of substantive test

Document the assessment of control risk and Document the revised assessment of control risk and
the basis for that assessment, and the basis for that assessment, and

Design the planned nature, timing, and extent Design the revised nature, timing, and extent of
of substantive test. substantive test.