Advanced Topics
In a nutshell: Internal controls and risk assessment guide audit focus and procedures.
## What are Internal Controls?
Internal controls are systems and procedures designed to safeguard assets, ensure reliable financial reporting, and promote operational efficiency.
## Types of Controls
- **Preventive Controls:** Stop errors before they happen (e.g., approval requirements).
- **Detective Controls:** Find errors after they occur (e.g., reconciliations).
- **Corrective Controls:** Fix problems after detection.
## Risk Assessment
Auditors assess risks to focus their work efficiently. The risk model considers:
\( \text{Audit Risk} = \text{Inherent Risk} \times \text{Control Risk} \times \text{Detection Risk} \)
- **Inherent Risk:** Susceptibility to errors without controls.
- **Control Risk:** Likelihood controls will fail.
- **Detection Risk:** Chance auditors miss an error.
## Real-World Relevance
Understanding controls helps auditors identify where misstatements may occur and tailor their testing.
\text{Audit Risk} = \text{Inherent Risk} \times \text{Control Risk} \times \text{Detection Risk}
Examples
- A retailer uses two signatures for large payments as a preventive control.
- An auditor increases testing in areas with high risk and weak controls.
Key terms
- Control Risk
- The risk internal controls will not prevent or detect errors.
- Inherent Risk
- The natural risk of error in an area, before controls are considered.