[spqr105]

I’m kind of confused in the Becker AUD lecture about something in the Risk Assessment/Internal Control portion. It states that the Auditor must assess the risk of material misstatement which includes an assessment of internal controls. Yet it states that control testing doesn’t take place until after the risk is assessed and has been responded to. It explicitly states that control risk must be assessed based on tests of controls. So why is Becker stating that one must make a risk assessment before control testing? This is embodied in their “IMACPA” mnemonic. The “M” pertains to assessing the risk of material misstatement which includes the assessment of control risk. While the “C” pertains to Control testing. How could the control testing possibly occur after the risk assessment? This seems kind of contradictory to me and has been causing me a great amount of confusion. Can someone please clarify this process for me. Thank you.

[spqr105]

Exactly, the Risk Assessment is done before Tests of Controls are performed. So why does the question state that Tests of Controls were a step in making the Risk Assessment?

The following selections take place prior to the Risk Assessment being made:

B) Obtaining an understanding of the entity's accounting system and control environment and

D) Considering whether control activities can have a pervasive effect on financial statement assertions.

but the Test of Controls stated in selection “A” occurs after the Risk Assessment is made so I'm completely confused.

[suzzette1]

The question is asking for a test of “CONTROL” not a RANKING on what comes first in risk assessment. Read the question again and you will find the clue.

“An auditor's risk assessment is based on the assumption that CONTROLS are operating effectively. Which of the following was NOT a step in making this assessment?”

It means that the auditor has already done test of internal controls and found it operating effectively These steps includes A, B and D (all test of controls). The step which is NOT a test of control in making this assessment is C (test of details which is a substantive test). Hope this help.

BEC 2/8/10 - 75 (studied hard & prayed less)
REG 5/15/10 - 88 (studied less but prayed hard)
AUDITING 8/9/10 - 79 (studied hard and prayed hard)
FAR 11/30/10 - 79 (studied hard and prayed hard) Thanks GOD! I'm DONE

[spqr105]

I understand that it's not asking for the sequence but it still doesn't change the fact that Tests of Controls aren't part of determining Risk Assessment since they occur after Risk Assessment. “C” is obviously the least correct answer since it's a substantive procedure but I still don't believe that “A” should be specified as being a process in Risk Assessment since it doesn't occur until after a Risk Assessment has already been made. I submitted the question to a friend of mine who's been an auditor for a number of years and he stated that the thinks the questions is poorly worded or incorrect. Anyone else have a view on it?

[75 CPA]

Tests of Controls =

1. Do the procedures work?

2. Do the controls work?

3. Operating effectiveness of controls?

4. Inspection of documents

[jaime.usey]

I think you are confusing yourself on the words the question is using. It asks about “Risk Assessment”. Risk assessment is a step that you do in order to obtain an understanding of the entity and its internal control. After doing the original “risk assessment”, you have now given yourself the ability to adequately “Assess the Risk of Material Misstatement” (CR x IR). During this “risk assessment” (that is of material misstatement, not overall), you must determine whether you feel control risk is weak or strong. If it is strong, you then perform test of controls.

So based on the question:

“An auditor's risk assessment (apart of the initial “obtain an understanding of the entity and its internal control in order to design both assess the “risk of material mistatement” and to design further audit procedures such as “test of controls”) is based on the assumption that controls are operating effectively. Which of the following was not a step in making this assessment?”

a) Evaluate the effectiveness of the internal controls with test of controls. – (This must be true if he can state they do in fact operate effectively. This step was done in the assessing the risk of material mistatment. The auditor must have wanted to place some reliance on the controls in place because he thought they were strong and performed this evaluation.)

b) Obtain an understanding of the entity's accounting system and control environment.- (This is the premise for the original risk assessment. This allows us to have a better understanding to be able to assess the “risk of material misstatement” (CR x IR)

c) Perform tests of details of transactions to detect material misstatements in the financial statements. (This is no where in determining controls are operating effectively)

d) Consider whether control activities can have a pervasive effect on financial statement assertions.(This is apart of the “risk of material misstatement”

You are correct in stating that “test of controls” occur after the original “obtaining an understanding of the entity and its internal controls (the original Risk assessment is included in this step), however you are doing this step in order to be able to assess the “risk of material misstatement” which involves assessing “Control Risk and Inherent Risk”. Which then will determine whether or not you “Test Controls” based off the level of reliance on the controls in place.

While this is pretty wordy….I hope this makes better sense, because it helped me make better sense of it….;)

[Author]

Replies