-
Obtain understanding of entity's internal controls
Obtain understanding of entity's internal controls -
Document this understanding
3 techniques for documenting understanding of internal controls
1. Flowchart - diagram using set of standard symbols to represent the flow of information and documents
2. Narrative - written description of the auditor's understanding of internal controls
3. Questionnaire - set of yes or no questions with all no responses indicating potential control deficiencies -
Determine if you want to rely on the internal controls
If no - assess control risk at the max and go to step 6
If yes - go to step 4 -
Test the controls
2 reasons auditor would decide not to test the controls
1. Auditor believes controls will be ineffective
2. Auditor believes it would be too costly or time consuming -
Based on results of tests of controls, determine control risk
Based on auditor's judgment -
Document control risk
If control risk is assessed at the max document that control risk is assessed at the max but not the reason for doing so
If control risk is assessed below the max, document the reason/basis for that decision but not he exact level below the max -
Based on assessed level of control risk, plan and perform substantive tests