Understanding of Internal Control

.13 The auditor obtains a sufficient understanding of the design of controls relevant to the audit of financial statements to plan the audit and to determine whether they have been placed in operation. Since a primary objective of many internal audit functions is to review, assess, and monitor controls, the procedures performed by the internal auditors in this area may provide useful information to the auditor. For example, internal auditors may develop a flowchart of a new computerized sales and receivables system. The auditor may review the flowchart to obtain information about the design of the related controls. In addition, the auditor may consider the results of procedures performed by the internal auditors on related controls to obtain information about whether the controls have been placed in operation. [Revised, February 1997, to reflect conforming changes necessary due to the issuance of Statement on Auditing Standards No. 78.]

Risk Assessment
.14 The auditor assesses the risk of material misstatement at both the financial-statement level and the account-balance or class-of-transaction level.

Financial-Statement Level

.15 At the financial-statement level, the auditor makes an overall assessment of the risk of material misstatement. When making this assessment, the auditor should recognize that certain controls may have a pervasive effect on many financial statement assertions. The control environment and accounting system often have a pervasive effect on a number of account balances and transaction classes and therefore can affect many assertions. The auditor's assessment of risk at the financial-statement level often affects the overall audit strategy. The entity's internal audit function may influence this overall assessment of risk as well as the auditor's resulting decisions concerning the nature, timing, and extent of auditing procedures to be performed. For example, if the internal auditors' plan includes relevant audit work at various locations, the auditor may coordinate work with the internal auditors (see paragraph .23) and reduce the number of the entity's locations at which the auditor would otherwise need to perform auditing procedures.

Account-Balance or Class-of-Transaction Level

.16 [The following paragraph is effective for audits of fiscal years ending on or after November 15, 2004, for accelerated filers, and on or after July 15, 2005, for all other issuers. See PCAOB Release No. 2004-008PDF.

For audits of fiscal years ending before November 15, 2004, for accelerated filers, and before July 15, 2005, for all other issuers, click here.]
At the account-balance or class-of-transaction level, the auditor performs procedures to obtain and evaluate evidential matter concerning management's assertions. The auditor assesses control risk for each of the relevant financial statement assertions related to all significant accounts and disclosures in the financial statements and performs tests of controls to support assessments below the maximum. When planning and performing tests of controls, the auditor may consider the results of procedures planned or performed by the internal auditors. For example, the internal auditors' scope may include tests of controls for the completeness of accounts payable. The results of internal auditors' tests may provide appropriate information about the effectiveness of controls and change the nature, timing, and extent of testing the auditor would otherwise need to perform.