Page 71 - CA Inter Bhaskar Vol 1
P. 71
CA RAVI TAORI CONTROL RISK (CR)
RISK ASSESSMENT AND INTERNAL CONTROL
AUDIT BHASKAR CH 03 - PART 01 Definition Ineffective Implementation
Chart of
Control Risk
Controls not able to prevent, detect & correct (PDC)
Material misstatements individually or in aggregate
In assertion of TBD
Design
Reasons
Maintenance
Can reduce it but not eliminate
Elimination
Top Level Mgt Override
Because
Mid-Level Collusion
Lower Level Human Error
Assessment Separate or Combined Quantitative or Non-Quantitative
Separate IR
Big Client Good ICS RMM
Assessment CR
Not having properly Combined
Small Client RMM
documented ICS assessment
Inverse Relationship With efficiency of control
Control Risk Definition
(QNO-315.11, The risk that a misstatement that could occur in an assertion about a class of transaction, account
315.13)
(MCQ-Incs.10.1) balance or disclosure and that could be material, either individually or when aggregated with other
misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity's
internal control.
It is a function of the effectiveness of the design, implementation and maintenance of internal
control by management to address identified risks that threaten the achievement of the entity's
objectives relevant to preparation of the entity's financial statements. (Design Problem: - No
monthly stock counting rule, Implementation Problem: - Rule exists but not followed, Maintenance
Problem:- Counting sheets and procedures not updated as per new products)
Explanation of Definition
Control Risk is a risk that internal control existing and operating in an entity would not be efficient
enough to stop from happening, or find and then rectify in an appropriate time, any material
misstatement relating to a transaction, balance of an account or disclosure required to be made in
the financial statements of that entity. So, in a way it can be said that there exists an inverse
relation between Control Risk and Efficiency of Internal Control of an Entity. When efficiency of
internal control of an entity is high the control risk is low and when efficiency of internal control of
that entity is low the control risk is high.
100% Elimination Not Possible
However, internal control, no matter how well designed and operated, can only reduce, but not
eliminate, risks of material misstatement in the financial statements, because of the inherent
limitations of internal control. These include, for example, the possibility of human errors or
mistakes, or of controls being circumvented by collusion or inappropriate management override.
www.auditguru.in 03.04
