COMM 455 Lecture Notes - Lecture 13: Risk Assessment

Internal controls: policies and procedures implemented and maintained by management to achieve objectives of entity. Auditor: have to understand, whether you rely on it or not: documentation and understand cycle talk with people, flowchart, narrative, answer icq (gain understanding) Approach judgement call that senior people make. Rely on control sample has to be bigger: combined approach (rely on control), gives us evidence we need, substantive controls don"t work, for each cycle, which one should be tested. Identify controls which can be relied upon (assertion) Sample risk control works when it doesn"t because you didn"t take large enough sample. Non-sample risk person did not understand what they were doing, wrong opinion. Operate, do they work: don"t have to be perfect, but can"t deviate a lot, find reasons for deviation within tolerable error. Doesn"t mean that there is a material error, but that control did not catch it. Audit risk low/med (financial stability, management integrity, number of users):