A conceptually logical approach to the auditor’s consideration of relevant controls consists of the following four steps:
1 Determine whether the relevant controls are capable of preventing, or detecting and correcting, material misstatements and have been implemented.
2 Evaluate the operating effectiveness of relevant controls.
3 Assess the risks of material misstatement.
4 Design further audit procedures.
What is the most logical order in which these four steps are performed?
1, 3, 4 ,2
When obtaining an understanding of internal control, the auditor should perform risk assessment procedures to evaluate the design of relevant controls and to determine whether they have been implemented. This understanding is used to (1) identify types of misstatements, (2) identify factors affecting the risks of material misstatement, and (3) design further audit procedures. After obtaining the understanding, the RMMs should be assessed. In response to the risk assessment, the auditor designs further audit procedures. If the auditor relies on controls (has an expectation of their operating effectiveness), (s)he should perform tests of controls to evaluate their operating effectiveness (AU-C 315 and AU-C 330). Thus, the most logical order of the listed steps is the following:
Evaluate the design of relevant controls and determine whether they have been implemented,
Assess the RMMs,
Design further audit procedures, and Test controls.