Chapter 12 Assessing Control Risk and Developing the Audit Strategy.docx
《Chapter 12 Assessing Control Risk and Developing the Audit Strategy.docx》由会员分享,可在线阅读,更多相关《Chapter 12 Assessing Control Risk and Developing the Audit Strategy.docx(21页珍藏版)》请在冰豆网上搜索。
Chapter12AssessingControlRiskandDevelopingtheAuditStrategy
BrowseLocation:
UnitedStates\PwCMaterial\Montgomery'sAuditing,TwelfthEdition\Part2:
TheoryandConcepts
PublishDate:
25June,2001
窗体顶部
窗体底部
12
AssessingControlRiskandDevelopingtheAuditStrategy
12.1PreliminaryAssessmentofControlRisk
12.2DevelopingtheAuditStrategy
(a)TailoringTestsofControlstothePreliminaryAssessment,
(a1)DecidingWhethertoTestMonitoringControls
(b)EfficiencyConsiderations,
(c)First-YearversusRecurringAudit
12.3PerformingTestsofControls
(a)SourcesofEvidenceandTechniquesUsedtoTestControls,
(b)TimelinessofEvidence,
(c)ContinuousOperationofControls,
(d)TestingComputerControls,
(e)Dual-PurposeTests,
(f)InterrelationshipofEvidence,
(g)EvaluatingtheResultsofTestsofControls,
12.4EffectofanEntity'sUseofaServiceOrganization
12.5DocumentingtheAssessmentofControlRiskandTestsofControls
BothStatementonAuditingStandards(SAS)No.47(AUSection312)andNo.55,asamendedbySASNo.78(AUSection319),requiretheauditortoassesscontrolrisktodeterminewhatlevelofdetectionriskisacceptableinanaudit.AssessingcontrolriskisdefinedinAUSection319.47asthe"processofevaluatingtheeffectivenessofanentity'sinternalcontrolinpreventingordetectingmaterialmisstatementsinthefinancialstatements."
Tobeeffective,internalcontrolmustbedesignedeffectivelyandmustoperateeffectively.Designeffectiveness,whichwasdiscussedinChapters10and11(Sections10.2and11.4,EvaluatingDesignEffectiveness),relatestowhetheracontrolissuitablydesignedtopreventordetectmaterialmisstatementsinspecificfinancialstatementassertions.Theauditorevaluatestheeffectivenessofthedesignofacontrolinconjunctionwithobtainingtheunderstandingofinternalcontrol.Operatingeffectivenessrelatestohowacontrolwasapplied,whetherithasbeenconsistentlyappliedthroughouttheperiod,andwhoappliedit.(Inthecontextoftheoperationofcontrols,thetermoperatingeffectivenessincorporatestheconceptofconsistent,orcontinuous,operation.)Forexample,anentity'sinternalcontrolmayincludeaneffectivelydesignedsystemforreportingpast-dueaccountsreceivable,butifthereportsarenotactedoninatimelymanner,thecontrolisnotoperatingeffectively.Toobtainevidenceoftheeffectiveoperationofcontrols,theauditorcarriesouttestsofthecontrols.
Controlriskshouldbeassessedintermsoffinancialstatementassertionsandcorrespondingauditobjectives,whichmeansthattheauditorshouldconsidercontrolsintermsofhowtheycontributetotheachievementofthoseobjectives.Theassessmentofcontrolrisktakesintoconsiderationcontrolsinallfivecomponentsofinternalcontrol,sincetheycollectivelyaddresstheentity'sfinancialstatementassertions.AsnotedinChapter9,thecontrolsinthosecomponentsareinterrelated.Forexample,someaspectsofthecontrolenvironmentaffecttheentity'sabilitytomaintainaneffectiveaccountingsystemandcontrolactivities,othersaffectmanagement'sabilitytomaketheinformedjudgmentsandestimatesnecessarytopreparefinancialstatements,andstillothersaffecttheentity'sabilitytoensurethatcontrolsremainappropriatetochangingconditionsovertimeandrestricttheopportunityformanagementfraud.Theauditorconsidersallthosecontrolsbothindividuallyandcollectivelyinassessingtheextenttowhichtheycontributetomeetingtheentity'sfinancialreportingobjectives.
Theeffectofcontrolsontheachievementoffinancialstatementassertionsorauditobjectivestendstovarywiththecontrolcomponent.Somecomponents,suchasthecontrolenvironmentandcertainmonitoringactivities,mayhaveapervasiveeffectonmanyaccountbalancesandclassesoftransactions,andonhowthoseaccountsandtransactionsareaudited.Forexample,theconclusionthatanentityhasadecentralizedorganizationalstructurewithaneffectiveinternalauditfunctionthatreportstotop,centralizedmanagement,mayaffecttheauditor'sdecisionaboutthenumberoflocationsatwhichtoperformauditingproceduresorwhethertoperformcertainproceduresinsomelocationsataninterimdate.Controlactivities,relatedaccountingprocedures,andactivity-levelmonitoringcontrols,ontheotherhand,areappliedatlower,moredetailedlevelsandhavemoredirecteffectsonspecificaccountbalances.
12.1PreliminaryAssessmentofControlRisk
Basedontheunderstandingofthevariouscomponentsofinternalcontrol,theevaluationoftheeffectivenessoftheirdesign,evidenceoftheeffectivenessoftheiroperationobtainedconcurrentlywithdevelopingtheunderstanding,andefficiencyconsiderations(discussedlater),theauditormakesapreliminaryassessmentofcontrolrisk.Thepreliminaryassessmentisthelevelofcontrolrisktheauditorexpectswillbesupportedbyevidencethatwillbeobtainedfromperformingtestsofcontrols.
Asapracticalmatter,theauditorusuallytestssomecontrols,particularlywithrespecttotheentity-levelcomponents,concurrentlywithdevelopingtheunderstandingofinternalcontrol.Forexample,onarecurringengagementwheretheauditorintendstotestcontrols,heorshemayupdatetheunderstandingofcontrolsandtestthemsimultaneouslybecauseitisefficienttodoso.Evenonanewengagement,proceduresdirectedatobtainingtheunderstandingofcontrolsalsomayproduceevidenceabouttheireffectiveoperation.
AUSection319.59citesthefollowingproceduresasanexampleoftestsofcontrolsperformedconcurrentlywithobtainingtheunderstanding:
inquiryaboutmanagement'suseofbudgets,observingmanagement'scomparisonofmonthlybudgetswithactualexpenses,andinspectingreportsoftheinvestigationofvariancesbetweenbudgetedandactualamounts.Althoughthoseauditingproceduresaredirectedatascertainingthedesignoftheentity'sbudgetingpoliciesandwhethertheyhavebeenplacedinoperation,theproceduresalsomayprovideevidenceabouttheeffectivenessoftheiroperationindetectingmaterialmisstatementsinclassifyingexpenses.Thisevidencewillinfluencetheauditor'sassessmentofcontrolriskforthepresentationanddisclosureobjectiverelatingtoexpensesintheincomestatement.
Anotherexampleofhowproceduresperformedinobtainingtherequiredunderstandingofcontrolsalsocanprovideevidenceoftheireffectiveoperationinvolvessegregationofduties.Inthecourseofunderstandingtheaccountingsystem,theauditorusuallyobserveswhetherresponsibilitiesforcashreceiptsanddepositsareadequatelysegregated.Indoingthis,theauditorwillatthesametimeobtainevidenceabouthoweffectivelytheseparationprocedureisoperating.Thisevidencewillinfluencetheauditor'sassessmentofcontrolriskfor,inthisinstance,theexistenceobjectiverelatingtocash.
Theauditormaymakeapreliminaryassessmentofcontrolriskatthemaximumlevel(thatis,100percent)forallorcertainauditobjectivesandproceeddirectlytosubstantiveteststoobtainassuranceforthoseauditobjectives.Inthisinstance,theauditorassumesthatcontrolriskis100percentanddoesnotseekevidencetorefutethatassumption.Inassessingcontrolriskatthemaximum,theauditorexpectseitherthatevidencetosupportalowerassessmentisnotavailableorthatitwouldnotbeefficienttotestcontrolstoobtaintheevidence.Ineithercase,alloftheauditor'sassurancethatrelevantauditobjectiveshavebeenmetmustcomefromsubstantivetests.
Inmostsituations,however,theauditorhasobtained,fromproceduresperformedinunderstandingcontrols,evidencethatsupportsapreliminaryassessmentofcontrolriskforcertainauditobjectivesandaccountbalancesthatisbelowthemaximumlevel.Thetermbelowthemaximumreferstoarangeofassessmentslowerthanmaximum,butnotlow.Thatrangecanbethoughtofasacontinuumalongwhichcontrolriskmaybeplacedaccordingtotheauditor'sprofessionaljudgmentaboutthecontrolcomponents,particularlythecontrolenvironment,includingtheorganizationofthefinanceandfinancialreportingfunctions;theaccountingsystem,includingthecomputerenvironment;andmonitoringactivities.Theauditoralsoconsiderspriorexperiencewiththeentityinarrivingatthatjudgment.Abelow-the-maximumassessmentindicatesthatonlymoderateassurancethatrelevantauditobjectiveshavebeenmetisneededfromsubstantivetests.Thatlevelofassurance,however,ordinarilywillrequirethattheauditorperformsubstantivetestsofdetails.
Insomesituations,theauditormaybelievethatacombinationoftestsofcontrolsperformedinobtainingorupdatingtheunderstandingandadditionalteststhatwillbeperformed,willprovidesufficientevidencetosupportanassessmentofcontrolriskatlow.Lowcontrolriskdescribesanassessmentthattheriskofmaterialmisstatementissufficientlylowthatthelevelofassurancerequiredfromsubstantivetestsisalsolow,inwhichcasesubstantivetestsmayberestrictedtoanalyticalprocedures.
Asdiscussedinthemainvolume,thepreliminaryassessmentofcontrolriskisthelevelofcontrolrisktheauditorexpectswillbesupportedbyevidencethatwillbeobtainedfromperformingtestsofcontrols.Thislevelcanbedescribedalternativelyasthelevelofreliancetheauditorplanstoplaceoninternalcontrol.Lookedatinthisway,iftheauditordecidestoplacenorelianceoncontrolsforallorcertainauditobjectives(i.e.,assumesthatcontrolriskisatmaximum),heorshewillproceeddirectlyt
升级会员 