LEARNING OBJECTIVES

After completing this chapter, you should be able to do the following:

•     Identify the components of internal control.

•     Identify the areas in which to focus on controls including the use of service organizations.

INTRODUCTION

AU-C section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (AICPA, Professional Standards), addresses the auditor's responsibility to obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement of the financial statements whether due to error or fraud; and to design the nature, timing, and extent of further audit procedures.

AU-C section 315 requires the auditor to obtain an understanding of the five components of internal control sufficient to assess the risks of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures. This understanding may encompass controls placed in operation by the plan and by the service organization whose services are part of the plan's information system.

You should obtain a sufficient understanding by performing risk assessment procedures to

•     evaluate the design of controls relevant to an audit of financial statements.

•     determine whether they have been implemented.

This is not to be confused with AS 2201, An Audit of ...