Question

Create and demonstrate a matrix of likelihood and magnitude of risk associated with internal control risk.

Answer 1

1. The tool uses this underlying chart for evaluating activities-level control deficiencies
   Is the potential magnitude less than material to annual or interim financial Yes- statements? No Are there complementary or redundant controls that were tested and evaluated that achieve the same control objective? Yes No Are there compensating controls that were tested and evaluated that reduce the Is the matter important enough to merit attention -Yes-by those responsible for oversight of financial reporting? magnitude of a misstatement of annual or interim financial statements to less than Deficiency No- material? Yes No Would a prudent official Based on an evaluation of the risk factors (listed in paragraph 10.127), is the possibility that controls will fail to prevent or detect and correct a material misstatement of annual or interim financial conclude that the deficiency is a material weakness considering both annual and interim financial statements? Significant Deficiency Yes- No- statements remote? No Material Yes Weakness
   10.127 The audit team should determine whether risk factors affect whether there is a reasonable possibility that a control deficiency or a combination of control deficiencies could cause a misstatement. The risk factors include:
   • the nature of the financial statement accounts, disclosures and assertions involved
   • the susceptibility of the related asset or liability to loss or fraud
   • the subjectivity, complexity, or extent of judgment required to determine the amount involved
   • the interaction of the deficiencies
   • the possible future consequences of the deficiency
   • past experience

1. The chart for evaluating IT general control deficiencies is as follows:

Are there complementary or redundant ITGCS that were tested and evaluated that achieve the same control objective? Yes No Are there control deficiencies at the application Ilevel evaluated as activities-level controls that are related to or caused by the ITGC deficiency? No- Yes Is the matter important enough to merit attention by those responsible for oversight of financial reporting? Are the control deficiencies at the application level related to or caused by the ITGC deficiency classified as a material weakness? No-Deficiency No- Yes Yes Would a prudent official conclude that the deficiency is a material weakness considering both Significant Deficiency Material Yes -No- Weakness annual and interim financial statements?

1. The chart for evaluating entity-level control deficiencies is as follows:

Is the deficiency one of the indicators of a material weakness as listed in paragraph 10.152? No Are there complementary or redundant programs or controls or compensating controls that were tested and evaluated that result in a judgment that the deficient control will not fail to prevent or detect and correct a material misstatement of annual or interim Yes Yes financial statements? No Is the matter important enough to merit attention by those responsible for oversight of financial reporting? Based on an evaluation of the risk factors (listed in paragraph 10.127), is the possibility that controls will fail to prevent or detect and correct a material misstatement of annual or interim financial -Yes No- Deficiency statements remote? Yes No Would a prudent official conclude that the deficiency is a material weakness considering Material Significant Deficiency Yes No- Weakness both annual and interim financial statements?

Indicators of a Material Weaknesss

1. Each of the following should be regarded as at least a significant deficiency. They are also a strong indicator of a material weakness in internal control over financial reporting:
   • identification of fraud, whether material or not, on the part of senior management
   • restatement of previously issued financial statements to reflect the correction of a material misstatement
   • identification by the audit team of a material misstatement in the financial statements that the audit team concludes would not have been detected by the entity’s internal control structure
   • ineffective oversight by the entity’s audit committee or others charged with governance over the entity’s financial reporting and internal control over financial reporting

Notes made by me as per teaching lecture.