December 18, 2019 at 7:51 am #2849034CirocOnTheRockParticipant
Can someone pls explain why the answer is increase and not decrease?December 18, 2019 at 9:19 am #2849082CH89Participant
I think it best helps to understand what the definition of control risk is. Control risk is the risk of a material misstatement in the financial statements arising due to absence or failure in the operation of relevant controls of the entity. We know, per the question, there are significant deficiencies in the operation of the client's internal control, which would lead to an inadequate internal control. In this situation, control risk would be assessed as high, and result in more substantive testing.December 18, 2019 at 10:35 am #2849214laney713Participant
Control Risk x Inherent Risk = Risk of material misstatement. Therefore, if there are significant deficiencies in the controls testing noted as in the case of this question, the auditor needs to increase the assessed level of control risk. Because of the increased assessed level of control risk, the auditor should do more substantive testing/detail testing to accommodate for the higher control risk. If the client's controls were operating more effectively, then the auditor could rely more on the controls testing and could therefore do less substantive testing (i.e. assess the control risk as lower).
Higher control risk (deficiencies noted in control testing) = more substantive testing required
Lower control risk (controls testing noted no deficiencies) = less substantive testing required (Can rely on controls testing)December 18, 2019 at 10:43 am #284922012tangParticipant
Without driving too far into definitions and formulas; what is risk? The higher the risk of something, the worse the possible outcome. So in the question you presented, they stated that there were significant deficiencies in the clients internal controls. That is a bad thing. So the assessment of risk must increase, as the bad thing in the client has increased. Hope that helps.