Activity Based Risk Evaluation Model of Auditing

HOME >> FRAMEWORK >> CONTROL TESTING STAGE: EVIDENCE GATHERING ACTIVITIES

Control testing stage: evidence gathering:
Effectiveness of operation of internal control procedures

ACTIV- ITIES	STAGES
	CA/R	AP	CT	ST	OF
PL	SP	TP	OP	OP	OP
EG	PK	DK	EofO	EofM	CFS
EE	AR1	DR*2	DR*3	AR4	AR5
DM	A/R	AA	CR?	CAB	AO

After the audit program has been documented, the auditor gathers the evidence referred to in the audit program, namely evidence of the effectiveness of the internal control procedures upon which the auditor has planned reliance. To gather this evidence, the auditor undertakes activities referred to as tests of controls. However, if the auditor becomes aware of any information affecting that may affect the planned audit approach (e.g. additional information concerning the acceptable audit risk and/or inherent risk), the auditor notes this information in the working papers to be considered later in this audit stage.

Thus, for those account balance assertions for which a systems (or part systems) approach is planned, auditors gather evidence in relation to:

• acceptable audit risk AR*₃ at the account balance assertion level, but only when the auditor becomes aware that the value may have changed. However, in practice, it is unlikely there will be any further evidence available since the earlier evaluation of AR*₂.
• inherent risk IR₃ at the account balance assertion level, but only when the auditor becomes aware that the value may have changed. Again, it is unlikely in practice there will be any further evidence available since the earlier evaluation of IR₂.
• control risk CR₃ at the account balance assertion level. Auditors require this information in respect of all internal control procedures upon which reliance has been planned. Evidence that is relevant to CR₃ is evidence of the effectiveness of operation of internal control procedures: the less effective the operation of a control procedure relating to a particular account balance assertion, the greater the control risk for that account balance assertion.

  Activities that auditors perform in gathering this evidence include observation, inquiry , inspection, as well as certain CAATs.

After the auditor gathers the evidence above, the auditor evaluates the evidence, and in particular, arrives at a value for control risk, CR₃. If the auditor becomes aware of new information relating to the previous evaluations of the acceptable audit risk and inherent risk, then this information is used to arrive at values for AR*₃ and IR₃. Otherwise, AR*₃ and IR₃ assume the same values as AR*₂ and IR₂.

The values of AR*₃, IR₃ and CR₃ enable a value for the revised acceptable detection risk to be determined. Refer to the next activity.

Copyright, Australian Educational Research Pty Ltd. Any person accessing this site agrees to the Terms of Use.