Confused about where controls fall into the audit process

  • Creator
    Topic
  • August 25, 2013 at 3:49 pm #179880
    barelystayingsane
    Member

    I’m using Becker, and they have their IM A CPA mnemonic for the audit process. I’m very confused about where internal controls fits into this mnemonic. So first you obtain an understanding of the knowledge of the internal controls (that’s the I), and then later you’re supposed to evaluate the design and implementation of the internal controls (which Gearty said was in the M). Then based on those two, you’re supposed to assess control risk? And then in the C, you determine the operating effectiveness of the controls by testing them? Is that correct?

    Why wouldn’t you test the operating effectiveness of controls before setting the control risk? And how is evaluating the design and implementation of internal controls different from testing the controls?

    Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Author
    Replies
  • August 25, 2013 at 5:24 pm #434234
    Anonymous
    Inactive

    The order you listed is right.

    Q: Why wouldn't you test the operating effectiveness of controls before setting the control risk?

    A: If control risk is assessed at the maximum(not operating effectively) there is no point testing controls since it is a waste of time and money. In that situation you jump directly into substantive testing.

    Q: And how is evaluating the design and implementation of internal controls different from testing the controls?

    The design and implementation of control is whether management has placed those controls into operation. The testing of controls determine whether it was operating effectively.

    I think for the second question, I think of it like this. You can install an antivirus program on your computer (implementation). But detecting and preventing virus(operating) is a different story.

    August 26, 2013 at 12:37 am #434235
    barelystayingsane
    Member

    Thank you! That was really helpful! So I have one other question relating to this for anybody out there: how is evaluating the design and implementation of internal control different than obtaining an understanding and knowledge of internal control? Becker makes it seem like they're two different steps.

    August 26, 2013 at 1:53 am #434236
    nzwoof
    Member

    i think one is just knowing their process and the other is the effectiveness.

    side note: does your firm give a bonus for the award? i heard pwc does but other big 4 firms just give you a handshake and a pat on the back.

    Reg 4/06/13 81
    Far 5/28/13 86

    August 26, 2013 at 1:58 am #434237
    Anonymous
    Inactive

    @@nzwoof

    i don't think “evaulating the design and implementation” nor “understanding and knowledge of IC” is talking about effectiveness…

    I'm not sure if the question is asked clear enough, but from what I understand, evaluating is part of understanding.

    if you can elaborate on how becker differentiates the two terms, please do so

  • Author
    Replies
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Confused about where controls fall into the audit process’ is closed to new replies.