Question

When obtaining an understanding of internal controls, the auditor identifies important programmed application controls over the occurrence of sales. However, the auditor also has serious concerns about the adequacy of the control environment due to a weak tone at the top about control consciousness. Which of the following best describes how the auditor should respond to this situation when planning tests of controls related to the occurrence of sales?

a) The auditor could assess control risk as low for an assertion after performing software-based audit techniques on controls relevant to that assertion and assessing the adequacy of segregation of duties.
b) The auditor could assess control risk as low for an assertion if ITGCs are tested and shown to be strong.
c) The auditor could assess control risk as low for an assertion after performing software-based audit techniques on controls relevant to that assertion.
d) The auditor will probably assess control risk at the maximum irrespective of the quality of the programmed application controls.

Answer 1

The auditor should assess control risk as low for an assertion after performing software-based audit techniques on controls relevant to that assertion and assessing the adequacy of segregation of duties.

Step-by-step explanation:

When faced with concerns about the adequacy of the control environment, the auditor should assess control risk as low for an assertion after performing software-based audit techniques on controls relevant to that assertion and assessing the adequacy of segregation of duties. This means that the auditor should evaluate the effectiveness of the programmed application controls related to the occurrence of sales and also consider the overall control consciousness at the organization. Assessing control risk as low would imply that the auditor believes the controls are reliable and can be relied upon for conducting the audit.