Why external auditors assess internal controls?

Auditors need to understand the overall business environment and controls implemented by the audit client. This enables them to assess the overall risk of material misstatement.

This assessment helps the auditor set scope of audit activities to be performed. For instance, if internal controls are weak, an auditor needs to plan extensive audit procedures to cover the risk. On the contrary, if internal controls implemented by the audit client are strong, limited procedures can be sufficient to cover the risk of material misstatement.

What is a control environment?

The control environment is a complete set of standard operating procedures and processes required to execute internal controls throughout the organization. The control environment reflects management attitude towards controls.

If top management of the company is interested and involved in the process of establishing a strong control environment, the audit client is said to have a strong control environment. This leads the auditor to rely on the controls implemented by the audit client.

The science is simple; if top management is committed to the internal controls, they are expected to set a tone and culture where everyone values internal controls. There are few chances that controls might be overlooked in this control environment. Hence, a strong control environment helps auditors rely on internal controls.

Impact of internal controls on sampling

The strength of internal controls is inversely proportional to the sample size. So, if internal controls are strong, the sampling size will be smaller. On the other hand, if internal controls are weak, the auditor needs to perform extensive audit procedures.

Suppose the risk of material misstatement is 3, and controls are strong. It means an assurance of 1 can be obtained from internal controls, and the remaining assurance of 2 can be obtained from the auditing procedures.

On the contrary, if the risk of material misstatement is 3 and controls are weak. It means no assurance can be obtained from internal controls. Hence, the auditor needs to obtain complete assurance of 3 from audit procedures. Hence, auditors need to perform extensive audit procedures to obtain assurance.

Why is control environment so important?

The control environment is the basis of internal controls. An effective internal control system cannot be implemented without an effective control environment. In fact, a control environment is a foundation for a system of internal controls.

What makes internal control effective?

Internal control is effective if it has the potential to mitigate the risk. The risk may be brought by the operations, products, financing, and other aspects of the business performance. For instance, bank reconciliation is only effective if the approving authority thoroughly reviews supportive evidence. Otherwise, the control may not be effective. Hence, control is only effective if the related risk is mitigated.

What are control activities?

It’s a name of control mechanism and procedures implemented by company management. The controls activities are implemented to control and manage the risk of material misstatement.

Further, control activities can be preventative, detective depending on the purpose of the operation.

Conclusion

Assessment of internal control enables the auditor to decide the extent of audit procedures to be performed. If controls are effective limited procedures can be sufficient to obtain audit evidence. On the other hand, if internal controls are weak, the auditor needs to perform extensive audit procedures to obtain sufficient and appropriate audit evidence.

Control environment refers to the attitude of strategic management towards controls. If top management is committed to the controls, there is expected to be a strong control environment and vice versa.

Further read on tothefinance.

Leave a Comment