CPA Auditing and Attestation (AUD)
Certified Public Accountant Auditing and Attestation examination.
Internal Controls & Risk Assessment
What are Internal Controls?
Internal controls are systems and procedures designed to safeguard assets, ensure reliable financial reporting, and promote operational efficiency.
Types of Controls
- Preventive Controls: Stop errors before they happen (e.g., approval requirements).
- Detective Controls: Find errors after they occur (e.g., reconciliations).
- Corrective Controls: Fix problems after detection.
Risk Assessment
Auditors assess risks to focus their work efficiently. The risk model considers: \( \text{Audit Risk} = \text{Inherent Risk} \times \text{Control Risk} \times \text{Detection Risk} \)
- Inherent Risk: Susceptibility to errors without controls.
- Control Risk: Likelihood controls will fail.
- Detection Risk: Chance auditors miss an error.
Real-World Relevance
Understanding controls helps auditors identify where misstatements may occur and tailor their testing.
Key Formula
\[\text{Audit Risk} = \text{Inherent Risk} \times \text{Control Risk} \times \text{Detection Risk}\]
Examples
A retailer uses two signatures for large payments as a preventive control.
An auditor increases testing in areas with high risk and weak controls.
In a Nutshell
Internal controls and risk assessment guide audit focus and procedures.