Question

After obtaining an understanding of an entity's internal control system, an auditor may set control risk at high for some assertions because he or she

a. Believes the internal controls are unlikely to be effective.
b. Determines that the pertinent internal control components are not well documented.
c. Performs tests of controls to restrict detection risk to an acceptable level.
d. Identifies internal controls that are likely to prevent material misstatements.

Answer 1

An auditor may set control risk at high because he or she believes the internal controls are unlikely to be effective, leading to a decision to not rely on them and to perform more substantive testing.

Step-by-step explanation:

After obtaining an understanding of an entity's internal control system, an auditor may set control risk at high for some assertions because he or she believes the internal controls are unlikely to be effective. This assessment may occur when an auditor, during the course of an audit, evaluates the designed effectiveness of internal controls and determines that they are not capable of preventing or detecting material misstatements in the financial statements. Consequently, the auditor may decide not to rely on the controls and might plan to perform more extensive substantive testing.

It is important to note that when internal control components are not well documented or when an auditor does not perform tests of controls, they may also contribute to setting a higher control risk. However, if an auditor identifies controls that are likely to prevent material misstatements, this would likely lead to a lower assessment of control risk.