-
Obtain understanding of entity's internal controls
-
3 techniques for documenting understanding of internal controls
1. Flowchart - diagram using set of standard symbols to represent the flow of information and documents
2. Narrative - written description of the auditor's understanding of internal controls
3. Questionnaire - set of yes or no questions with all no responses indicating potential control deficiencies -
If no - assess control risk at the max and go to step 6
If yes - go to step 4 -
2 reasons auditor would decide not to test the controls
1. Auditor believes controls will be ineffective
2. Auditor believes it would be too costly or time consuming -
Based on auditor's judgment
-
If control risk is assessed at the max document that control risk is assessed at the max but not the reason for doing so
If control risk is assessed below the max, document the reason/basis for that decision but not he exact level below the max -