The IRBA Inspection findings consistently highlights issues related to internal control risk assessments, including the work performed to understand internal controls, identify significant risks and to consider and respond to information technology (IT) risks.

Consideration of internal control is an area where auditors often find it difficult to comply.

Auditors need to remember that some work on internal controls needs to be performed and documented on every audit file even if a fully substantive audit approach is adopted

Course Content:

During this session the following important principles relating to internal controls will be discussed:
• Why is work on internal control necessary when auditors take a substantive approach?
• Which controls do auditors need to understand?
• What are the five interrelated components of internal controls that must be addressed by the auditor during all audits?
• Direct controls versus indirect controls
• Work effort for understanding each of the components of internal control
• When are controls relevant to the audit
• What is meant by controls over significant risks
• Deficiencies in internal controls
• Key issues for smaller entities
• What is the meaning of “testing design and implementation”
• How many items must be selected for testing
• New requirements for assessing control risk at less than maximum
• Discussion of finding as indicated in the IRBA inspection reports

Please note: The information covered in this session will be based on the newly released ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement (ED-315)