Chapter 12 Assessing Control Risk and Developing the Audit StrategyWord文件下载.docx

Chapter 12 Assessing Control Risk and Developing the Audit StrategyWord文件下载.docx

《Chapter 12 Assessing Control Risk and Developing the Audit StrategyWord文件下载.docx》由会员分享，可在线阅读，更多相关《Chapter 12 Assessing Control Risk and Developing the Audit StrategyWord文件下载.docx（21页珍藏版）》请在冰豆网上搜索。

25June,2001

窗体顶部

窗体底部

12

AssessingControlRiskandDevelopingtheAuditStrategy

12.1PreliminaryAssessmentofControlRisk 

12.2DevelopingtheAuditStrategy 

（a）TailoringTestsofControlstothePreliminaryAssessment, 

（a1）DecidingWhethertoTestMonitoringControls

（b）EfficiencyConsiderations, 

（c）First-YearversusRecurringAudit

12.3PerformingTestsofControls 

（a）SourcesofEvidenceandTechniquesUsedtoTestControls, 

（b）TimelinessofEvidence, 

（c）ContinuousOperationofControls, 

（d）TestingComputerControls, 

（e）Dual-PurposeTests, 

（f）InterrelationshipofEvidence, 

（g）EvaluatingtheResultsofTestsofControls, 

12.4EffectofanEntity'

sUseofaServiceOrganization 

12.5DocumentingtheAssessmentofControlRiskandTestsofControls 

BothStatementonAuditingStandards（SAS）No.47（AUSection312）andNo.55,asamendedbySASNo.78（AUSection319）,requiretheauditortoassesscontrolrisktodeterminewhatlevelofdetectionriskisacceptableinanaudit.AssessingcontrolriskisdefinedinAUSection319.47asthe"

processofevaluatingtheeffectivenessofanentity'

sinternalcontrolinpreventingordetectingmaterialmisstatementsinthefinancialstatements."

Tobeeffective,internalcontrolmustbedesignedeffectivelyandmustoperateeffectively.Designeffectiveness,whichwasdiscussedinChapters10and11（Sections10.2and11.4,EvaluatingDesignEffectiveness）,relatestowhetheracontrolissuitablydesignedtopreventordetectmaterialmisstatementsinspecificfinancialstatementassertions.Theauditorevaluatestheeffectivenessofthedesignofacontrolinconjunctionwithobtainingtheunderstandingofinternalcontrol.Operatingeffectivenessrelatestohowacontrolwasapplied,whetherithasbeenconsistentlyappliedthroughouttheperiod,andwhoappliedit.（Inthecontextoftheoperationofcontrols,thetermoperatingeffectivenessincorporatestheconceptofconsistent,orcontinuous,operation.）Forexample,anentity'

sinternalcontrolmayincludeaneffectivelydesignedsystemforreportingpast-dueaccountsreceivable,butifthereportsarenotactedoninatimelymanner,thecontrolisnotoperatingeffectively.Toobtainevidenceoftheeffectiveoperationofcontrols,theauditorcarriesouttestsofthecontrols.

Controlriskshouldbeassessedintermsoffinancialstatementassertionsandcorrespondingauditobjectives,whichmeansthattheauditorshouldconsidercontrolsintermsofhowtheycontributetotheachievementofthoseobjectives.Theassessmentofcontrolrisktakesintoconsiderationcontrolsinallfivecomponentsofinternalcontrol,sincetheycollectivelyaddresstheentity'

sfinancialstatementassertions.AsnotedinChapter9,thecontrolsinthosecomponentsareinterrelated.Forexample,someaspectsofthecontrolenvironmentaffecttheentity'

sabilitytomaintainaneffectiveaccountingsystemandcontrolactivities,othersaffectmanagement'

sabilitytomaketheinformedjudgmentsandestimatesnecessarytopreparefinancialstatements,andstillothersaffecttheentity'

sabilitytoensurethatcontrolsremainappropriatetochangingconditionsovertimeandrestricttheopportunityformanagementfraud.Theauditorconsidersallthosecontrolsbothindividuallyandcollectivelyinassessingtheextenttowhichtheycontributetomeetingtheentity'

sfinancialreportingobjectives.

Theeffectofcontrolsontheachievementoffinancialstatementassertionsorauditobjectivestendstovarywiththecontrolcomponent.Somecomponents,suchasthecontrolenvironmentandcertainmonitoringactivities,mayhaveapervasiveeffectonmanyaccountbalancesandclassesoftransactions,andonhowthoseaccountsandtransactionsareaudited.Forexample,theconclusionthatanentityhasadecentralizedorganizationalstructurewithaneffectiveinternalauditfunctionthatreportstotop,centralizedmanagement,mayaffecttheauditor'

sdecisionaboutthenumberoflocationsatwhichtoperformauditingproceduresorwhethertoperformcertainproceduresinsomelocationsataninterimdate.Controlactivities,relatedaccountingprocedures,andactivity-levelmonitoringcontrols,ontheotherhand,areappliedatlower,moredetailedlevelsandhavemoredirecteffectsonspecificaccountbalances.

12.1PreliminaryAssessmentofControlRisk

Basedontheunderstandingofthevariouscomponentsofinternalcontrol,theevaluationoftheeffectivenessoftheirdesign,evidenceoftheeffectivenessoftheiroperationobtainedconcurrentlywithdevelopingtheunderstanding,andefficiencyconsiderations（discussedlater）,theauditormakesapreliminaryassessmentofcontrolrisk.Thepreliminaryassessmentisthelevelofcontrolrisktheauditorexpectswillbesupportedbyevidencethatwillbeobtainedfromperformingtestsofcontrols.

Asapracticalmatter,theauditorusuallytestssomecontrols,particularlywithrespecttotheentity-levelcomponents,concurrentlywithdevelopingtheunderstandingofinternalcontrol.Forexample,onarecurringengagementwheretheauditorintendstotestcontrols,heorshemayupdatetheunderstandingofcontrolsandtestthemsimultaneouslybecauseitisefficienttodoso.Evenonanewengagement,proceduresdirectedatobtainingtheunderstandingofcontrolsalsomayproduceevidenceabouttheireffectiveoperation.

AUSection319.59citesthefollowingproceduresasanexampleoftestsofcontrolsperformedconcurrentlywithobtainingtheunderstanding:

inquiryaboutmanagement'

suseofbudgets,observingmanagement'

scomparisonofmonthlybudgetswithactualexpenses,andinspectingreportsoftheinvestigationofvariancesbetweenbudgetedandactualamounts.Althoughthoseauditingproceduresaredirectedatascertainingthedesignoftheentity'

sbudgetingpoliciesandwhethertheyhavebeenplacedinoperation,theproceduresalsomayprovideevidenceabouttheeffectivenessoftheiroperationindetectingmaterialmisstatementsinclassifyingexpenses.Thisevidencewillinfluencetheauditor'

sassessmentofcontrolriskforthepresentationanddisclosureobjectiverelatingtoexpensesintheincomestatement.

Anotherexampleofhowproceduresperformedinobtainingtherequiredunderstandingofcontrolsalsocanprovideevidenceoftheireffectiveoperationinvolvessegregationofduties.Inthecourseofunderstandingtheaccountingsystem,theauditorusuallyobserveswhetherresponsibilitiesforcashreceiptsanddepositsareadequatelysegregated.Indoingthis,theauditorwillatthesametimeobtainevidenceabouthoweffectivelytheseparationprocedureisoperating.Thisevidencewillinfluencetheauditor'

sassessmentofcontrolriskfor,inthisinstance,theexistenceobjectiverelatingtocash.

Theauditormaymakeapreliminaryassessmentofcontrolriskatthemaximumlevel（thatis,100percent）forallorcertainauditobjectivesandproceeddirectlytosubstantiveteststoobtainassuranceforthoseauditobjectives.Inthisinstance,theauditorassumesthatcontrolriskis100percentanddoesnotseekevidencetorefutethatassumption.Inassessingcontrolriskatthemaximum,theauditorexpectseitherthatevidencetosupportalowerassessmentisnotavailableorthatitwouldnotbeefficienttotestcontrolstoobtaintheevidence.Ineithercase,alloftheauditor'

sassurancethatrelevantauditobjectiveshavebeenmetmustcomefromsubstantivetests.

Inmostsituations,however,theauditorhasobtained,fromproceduresperformedinunderstandingcontrols,evidencethatsupportsapreliminaryassessmentofcontrolriskforcertainauditobjectivesandaccountbalancesthatisbelowthemaximumlevel.Thetermbelowthemaximumreferstoarangeofassessmentslowerthanmaximum,butnotlow.Thatrangecanbethoughtofasacontinuumalongwhichcontrolriskmaybeplacedaccordingtotheauditor'

sprofessionaljudgmentaboutthecontrolcomponents,particularlythecontrolenvironment,includingtheorganizationofthefinanceandfinancialreportingfunctions;

theaccountingsystem,includingthecomputerenvironment;

andmonitoringactivities.Theauditoralsoconsiderspriorexperiencewiththeentityinarrivingatthatjudgment.Abelow-the-maximumassessmentindicatesthatonlymoderateassurancethatrelevantauditobjectiveshavebeenmetisneededfromsubstantivetests.Thatlevelofassurance,however,ordinarilywillrequirethattheauditorperformsubstantivetestsofdetails.

Insomesituations,theauditormaybelievethatacombinationoftestsofcontrolsperformedinobtainingorupdatingtheunderstandingandadditionalteststhatwillbeperformed,willprovidesufficientevidencetosupportanassessmentofcontrolriskatlow.Lowcontrolriskdescribesanassessmentthattheriskofmaterialmisstatementissufficientlylowthatthelevelofassurancerequiredfromsubstantivetestsisalsolow,inwhichcasesubstantivetestsmayberestrictedtoanalyticalprocedures.

Asdiscussedinthemainvolume,thepreliminaryassessmentofcontrolriskisthelevelofcontrolrisktheauditorexpectswillbesupportedbyevidencethatwillbeobtainedfromperformingtestsofcontrols.Thislevelcanbedescribedalternativelyasthelevelofreliancetheauditorplanstoplaceoninternalcontrol.Lookedatinthisway,iftheauditordecidestoplacenorelianceoncontrolsforallorcertainauditobjectives（i.e.,assumesthatcontrolriskisatmaximum）,heorshewillproceeddirectlyt