Underpinning the accounting system and the internal control activities of an entity is the control environment. The control environment includes management's attitudes and other factors such as integrity and ethical values, commitment to internal control, competence, board of directors and audit committee participation, management's philosophy and operating style, organizational structure, assignment of authority and responsibility and human resource policies and practices. All other elements of internal control are established and depend on the control environment.
For small entities, the owner or manager (the top onsite authority) is the control environment. The person's character, commitment to internal control and diligence in carrying out day-to-day responsibilities sets the standard for behavior of employees. It is what this person does, not what they say others must do, that shapes the control environment for small entities.
Understanding the five elements of internal control will enable us to evaluate control risk and to design the most cost-efficient mix of evidence in each engagement's circumstances. Cost-benefit considerations play a primary role in selecting the audit strategy and begin with internal control evaluation decisions. Since an audit strategy can no longer contain a default of control risk to maximum, material risks of misstatements must be identified to ensure auditing procedures are sufficient to mitigate such risks. The identification of risks of material misstatements due to error or fraud drive the design of the audit plan (program).
For example, areas of high risk result in more reliable substantive procedures covering a greater portion of an account balance. Low risk, on the other hand, permits the use of less reliable subtantive procedures covering a smaller portion of an account balance. Are you modifying your substantive procedures when risk is low? Post a comment.